{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-3625", "assignerOrgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5", "state": "PUBLISHED", "assignerShortName": "fedora", "dateReserved": "2025-04-15T06:45:25.748Z", "datePublished": "2025-04-25T14:42:39.887Z", "dateUpdated": "2025-04-25T16:01:25.670Z"}, "containers": {"cna": {"title": "Moodle: user dos and name disclosure via idor in moodle mfa email factor revoke action", "metrics": [{"other": {"content": {"value": "Moderate", "namespace": "https://access.redhat.com/security/updates/classification/"}, "type": "Red Hat severity rating"}}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "version": "3.1"}, "format": "CVSS"}], "descriptions": [{"lang": "en", "value": "A security vulnerability was discovered in Moodle that can allow hackers to gain access to sensitive information about students and prevent them from logging into their accounts, even after they had completed two-factor authentication (2FA)."}], "affected": [{"versions": [{"status": "affected", "version": "4.5.0", "lessThan": "4.5.4", "versionType": "semver"}, {"status": "affected", "version": "4.4.0", "lessThan": "4.4.8", "versionType": "semver"}, {"status": "affected", "version": "4.3.0", "lessThan": "4.3.12", "versionType": "semver"}], "packageName": "moodle", "collectionURL": "https://git.moodle.org", "defaultStatus": "unaffected"}], "references": [{"url": "https://access.redhat.com/security/cve/CVE-2025-3625", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359690", "name": "RHBZ#2359690", "tags": ["issue-tracking", "x_refsource_REDHAT"]}], "datePublic": "2025-04-22T12:00:00.000Z", "problemTypes": [{"descriptions": [{"cweId": "CWE-639", "description": "Authorization Bypass Through User-Controlled Key", "lang": "en", "type": "CWE"}]}], "x_redhatCweChain": "CWE-639: Authorization Bypass Through User-Controlled Key", "timeline": [{"lang": "en", "time": "2025-04-15T06:38:04.957000+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2025-04-22T12:00:00+00:00", "value": "Made public."}], "credits": [{"lang": "en", "value": "Red Hat would like to thank vi22 for reporting this issue."}], "providerMetadata": {"orgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5", "shortName": "fedora", "dateUpdated": "2025-04-25T14:42:39.887Z"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-04-25T15:43:21.330868Z", "id": "CVE-2025-3625", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-25T16:01:25.670Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-3625", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-04-25T15:43:21.330868Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-25T15:43:23.220Z"}}], "cna": {"title": "Moodle: user dos and name disclosure via idor in moodle mfa email factor revoke action", "credits": [{"lang": "en", "value": "Red Hat would like to thank vi22 for reporting this issue."}], "metrics": [{"other": {"type": "Red Hat severity rating", "content": {"value": "Moderate", "namespace": "https://access.redhat.com/security/updates/classification/"}}}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}}], "affected": [{"versions": [{"status": "affected", "version": "4.5.0", "lessThan": "4.5.4", "versionType": "semver"}, {"status": "affected", "version": "4.4.0", "lessThan": "4.4.8", "versionType": "semver"}, {"status": "affected", "version": "4.3.0", "lessThan": "4.3.12", "versionType": "semver"}], "packageName": "moodle", "collectionURL": "https://git.moodle.org", "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-04-15T06:38:04.957000+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2025-04-22T12:00:00+00:00", "value": "Made public."}], "datePublic": "2025-04-22T12:00:00.000Z", "references": [{"url": "https://access.redhat.com/security/cve/CVE-2025-3625", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359690", "name": "RHBZ#2359690", "tags": ["issue-tracking", "x_refsource_REDHAT"]}], "descriptions": [{"lang": "en", "value": "A security vulnerability was discovered in Moodle that can allow hackers to gain access to sensitive information about students and prevent them from logging into their accounts, even after they had completed two-factor authentication (2FA)."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-639", "description": "Authorization Bypass Through User-Controlled Key"}]}], "providerMetadata": {"orgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5", "shortName": "fedora", "dateUpdated": "2025-04-25T14:42:39.887Z"}, "x_redhatCweChain": "CWE-639: Authorization Bypass Through User-Controlled Key"}}, "cveMetadata": {"cveId": "CVE-2025-3625", "state": "PUBLISHED", "dateUpdated": "2025-04-25T16:01:25.670Z", "dateReserved": "2025-04-15T06:45:25.748Z", "assignerOrgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5", "datePublished": "2025-04-25T14:42:39.887Z", "assignerShortName": "fedora"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A security vulnerability was discovered in Moodle that can allow hackers to gain access to sensitive information about students and prevent them from logging into their accounts, even after they had completed two-factor authentication (2FA)."}, {"lang": "es", "value": "Se descubri\u00f3 una vulnerabilidad de seguridad en Moodle que puede permitir a los piratas inform\u00e1ticos obtener acceso a informaci\u00f3n confidencial sobre los estudiantes y evitar que inicien sesi\u00f3n en sus cuentas, incluso despu\u00e9s de haber completado la autenticaci\u00f3n de dos factores (2FA)."}], "id": "CVE-2025-3625", "lastModified": "2025-04-29T13:52:28.490", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 4.2, "source": "patrick@puiterwijk.org", "type": "Secondary"}]}, "published": "2025-04-25T15:15:36.753", "references": [{"source": "patrick@puiterwijk.org", "url": "https://access.redhat.com/security/cve/CVE-2025-3625"}, {"source": "patrick@puiterwijk.org", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359690"}], "sourceIdentifier": "patrick@puiterwijk.org", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-639"}], "source": "patrick@puiterwijk.org", "type": "Secondary"}]}

{}