A flaw was found in Moodle. A remote code execution risk was identified in the Moodle LMS EQUELLA repository. By default, this was only available to teachers and managers on sites with the EQUELLA repository enabled.
References
Link | Resource |
---|---|
https://access.redhat.com/security/cve/CVE-2025-3642 | Third Party Advisory |
https://bugzilla.redhat.com/show_bug.cgi?id=2359738 | Issue Tracking |
https://moodle.org/mod/forum/discuss.php?d=467603 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
24 Jun 2025, 16:09
Type | Values Removed | Values Added |
---|---|---|
First Time |
Moodle moodle
Moodle |
|
CPE | cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:* | |
References | () https://access.redhat.com/security/cve/CVE-2025-3642 - Third Party Advisory | |
References | () https://bugzilla.redhat.com/show_bug.cgi?id=2359738 - Issue Tracking | |
References | () https://moodle.org/mod/forum/discuss.php?d=467603 - Vendor Advisory |
29 Apr 2025, 13:52
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
25 Apr 2025, 15:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2025-04-25 15:15
Updated : 2025-06-24 16:09
NVD link : CVE-2025-3642
Mitre link : CVE-2025-3642
CVE.ORG link : CVE-2025-3642
JSON object : View
Products Affected
moodle
- moodle
CWE
CWE-94
Improper Control of Generation of Code ('Code Injection')