CVE-2025-3641

A flaw was found in Moodle. A remote code execution risk was identified in the Moodle LMS Dropbox repository. By default, this was only available to teachers and managers on sites with the Dropbox repository enabled.

Configurations

Configuration 1

OR cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*

History

24 Jun 2025, 16:09

Type Values Removed Values Added
CPE cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*
First Time Moodle moodle
Moodle
References () https://access.redhat.com/security/cve/CVE-2025-3641 - () https://access.redhat.com/security/cve/CVE-2025-3641 - Third Party Advisory
References () https://bugzilla.redhat.com/show_bug.cgi?id=2359735 - () https://bugzilla.redhat.com/show_bug.cgi?id=2359735 - Issue Tracking
References () https://moodle.org/mod/forum/discuss.php?d=467602 - () https://moodle.org/mod/forum/discuss.php?d=467602 - Vendor Advisory

29 Apr 2025, 13:52

Type Values Removed Values Added
Summary
  • (es) A flaw was detected in Moodle. A remote code execution risk was identified in the Moodle LMS Dropbox repository. By default, this option was only available to teachers and administrators on sites with the Dropbox repository enabled.

25 Apr 2025, 15:15

Type Values Removed Values Added
New CVE

Information

Published : 2025-04-25 15:15

Updated : 2025-06-24 16:09


NVD link : CVE-2025-3641

Mitre link : CVE-2025-3641

CVE.ORG link : CVE-2025-3641



Products Affected

moodle

  • moodle

CWE
CWE-94

Improper Control of Generation of Code ('Code Injection')