SB2026032565 - Multiple vulnerabilities in Moodle

Description

This security bulletin contains information about 10 vulnerabilities.

1) Improper access control (CVE-ID: CVE-2025-62393)

CWE-ID: CWE-284 - Improper Access Control

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to insufficient handling of course access checks in a course overview function. A remote user can gain access to sensitive information.

2) Improper Authentication (CVE-ID: CVE-2025-62398)

CWE-ID: CWE-287 - Improper Authentication

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to incorrect handling of some endpoints during login. A remote user can bypass the second factor of multi-factor authentication.

3) Information Exposure Through an Error Message (CVE-ID: CVE-2025-62397)

CWE-ID: CWE-209 - Information Exposure Through an Error Message

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to inconsistent handling of valid and non-existent course IDs within the router. A remote attacker can determine valid course IDs.

4) Exposure of Information Through Directory Listing (CVE-ID: CVE-2025-62396)

CWE-ID: CWE-548 - Exposure of Information Through Directory Listing

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to incorrect error handling in the routing system. A remote attacker can gain unauthorized access to sensitive information on the system.

5) Improper access control (CVE-ID: CVE-2025-62395)

CWE-ID: CWE-284 - Improper Access Control

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to external cohort search service method leaks system cohort data. A remote user can bypass implemented security restrictions and gain unauthorized access to sensitive information.

6) Incorrect authorization (CVE-ID: CVE-2025-62394)

CWE-ID: CWE-863 - Incorrect Authorization

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

The vulnerability allows a remote attacker to bypass authorization process.

The vulnerability exists due to insufficient enrolment checks. A remote user with inactive enrolment in the course can gain access to quiz notifications.

7) Allocation of Resources Without Limits or Throttling (CVE-ID: CVE-2025-54869)

CWE-ID: CWE-770 - Allocation of Resources Without Limits or Throttling

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N/E:U

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to allocation of resources without limits or throttling in the upstream FPDI library. A remote attacker can cause a denial of service condition on the target system.

8) Improper Authorization (CVE-ID: CVE-2025-62401)

CWE-ID: CWE-285 - Improper Authorization

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green

The vulnerability allows a remote user to bypass authorization checks.

The vulnerability exists due to improper authorization. A remote user can bypass the timed restriction on a timed assignment.

9) Improper Restriction of Excessive Authentication Attempts (CVE-ID: CVE-2025-62399)

CWE-ID: CWE-307 - Improper Restriction of Excessive Authentication Attempts

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Amber

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to the affected application does not limit the number of password attempts when the mobile client and auth_webservice were enabled. A remote attacker can brute force password checks against known usernames.

10) Information disclosure (CVE-ID: CVE-2025-62400)

CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to insufficient capability checks. A remote user with access to create group calendar events can see hidden and separate groups in the list of groups to select for calendar events.

Remediation

Install update from vendor's website.

References

• https://moodle.org/mod/forum/discuss.php?d=470381
• https://github.com/search?q=repo%3Amoodle%2Fmoodle+MDL-86426&type=commits
• https://moodle.org/mod/forum/discuss.php?d=470387
• https://moodle.org/mod/forum/discuss.php?d=470386
• https://github.com/search?q=repo%3Amoodle%2Fmoodle+MDL-86335&type=commits
• https://moodle.org/mod/forum/discuss.php?d=470385
• https://github.com/search?q=repo%3Amoodle%2Fmoodle+MDL-86494&type=commits
• https://moodle.org/mod/forum/discuss.php?d=470384
• https://github.com/search?q=repo%3Amoodle%2Fmoodle+MDL-85421&type=commits
• https://moodle.org/mod/forum/discuss.php?d=470383
• https://github.com/search?q=repo%3Amoodle%2Fmoodle+MDL-86253&type=commits
• https://moodle.org/mod/forum/discuss.php?d=470382
• https://github.com/search?q=repo%3Amoodle%2Fmoodle+MDL-86353&type=commits
• https://moodle.org/mod/forum/discuss.php?d=470390
• https://github.com/search?q=repo%3Amoodle%2Fmoodle+MDL-75087&type=commits
• https://moodle.org/mod/forum/discuss.php?d=470388
• https://github.com/search?q=repo%3Amoodle%2Fmoodle+MDL-86327&type=commits
• https://moodle.org/mod/forum/discuss.php?d=470389
• https://github.com/search?q=repo%3Amoodle%2Fmoodle+MDL-86261&type=commits