CVE-2025-3642

A flaw was found in Moodle. A remote code execution risk was identified in the Moodle LMS EQUELLA repository. By default, this was only available to teachers and managers on sites with the EQUELLA repository enabled.

CVSS v3 8.8 HIGH

8.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://access.redhat.com/security/cve/CVE-2025-3642	Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2359738	Issue Tracking
https://moodle.org/mod/forum/discuss.php?d=467603	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:moodle:moodle::::::::
	cpe:2.3:a:moodle:moodle::::::::
	cpe:2.3:a:moodle:moodle::::::::
	cpe:2.3:a:moodle:moodle::::::::

History

24 Jun 2025, 16:09

Type	Values Removed	Values Added
First Time		Moodle moodle Moodle
CPE		cpe:2.3:a:moodle:moodle::::::::
References	~~() https://access.redhat.com/security/cve/CVE-2025-3642 -~~	() https://access.redhat.com/security/cve/CVE-2025-3642 - Third Party Advisory
References	~~() https://bugzilla.redhat.com/show_bug.cgi?id=2359738 -~~	() https://bugzilla.redhat.com/show_bug.cgi?id=2359738 - Issue Tracking
References	~~() https://moodle.org/mod/forum/discuss.php?d=467603 -~~	() https://moodle.org/mod/forum/discuss.php?d=467603 - Vendor Advisory

29 Apr 2025, 13:52

Type	Values Removed	Values Added
Summary		(es) Se detectó una falla en Moodle. Se identificó un riesgo de ejecución remota de código en el repositorio EQUELLA de Moodle LMS. Por defecto, esta opción solo estaba disponible para profesores y administradores en sitios con el repositorio EQUELLA habilitado.

25 Apr 2025, 15:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-04-25 15:15

Updated : 2025-06-24 16:09

NVD link : CVE-2025-3642

Mitre link : CVE-2025-3642

CVE.ORG link : CVE-2025-3642

JSON object : View

Products Affected

moodle

moodle

CWE

CWE-94

Improper Control of Generation of Code ('Code Injection')

{"id": "CVE-2025-3642", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "patrick@puiterwijk.org", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2025-04-25T15:15:38.013", "references": [{"url": "https://access.redhat.com/security/cve/CVE-2025-3642", "tags": ["Third Party Advisory"], "source": "patrick@puiterwijk.org"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359738", "tags": ["Issue Tracking"], "source": "patrick@puiterwijk.org"}, {"url": "https://moodle.org/mod/forum/discuss.php?d=467603", "tags": ["Vendor Advisory"], "source": "patrick@puiterwijk.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "patrick@puiterwijk.org", "description": [{"lang": "en", "value": "CWE-94"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in Moodle. A remote code execution risk was identified in the Moodle LMS EQUELLA repository. By default, this was only available to teachers and managers on sites with the EQUELLA repository enabled."}, {"lang": "es", "value": "Se detect\u00f3 una falla en Moodle. Se identific\u00f3 un riesgo de ejecuci\u00f3n remota de c\u00f3digo en el repositorio EQUELLA de Moodle LMS. Por defecto, esta opci\u00f3n solo estaba disponible para profesores y administradores en sitios con el repositorio EQUELLA habilitado."}], "lastModified": "2025-06-24T16:09:54.950", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "245F0D61-A209-4129-AEA5-C8E1600F5202", "versionEndExcluding": "4.1.18"}, {"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BF438B80-5736-46ED-897E-726B563F8E0A", "versionEndExcluding": "4.3.12", "versionStartIncluding": "4.3.0"}, {"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E758F51B-ADBF-406E-92A8-98090BE83C2B", "versionEndExcluding": "4.4.8", "versionStartIncluding": "4.4.0"}, {"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F12B5C6F-A83C-488C-9C26-3C9A61F93618", "versionEndExcluding": "4.5.4", "versionStartIncluding": "4.5.0"}], "operator": "OR"}]}], "sourceIdentifier": "patrick@puiterwijk.org"}