Main Vulnerability Database Vulnerabilities #VU111253

#VU111253 Use of cache containing sensitive information in Moodle - CVE-2025-49513

Published: June 18, 2025

Vulnerability identifier: #VU111253

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2025-49513

CWE-ID: CWE-524

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
Moodle

Software vendor:
moodle.org

Description

The vulnerability allows a local attacker to compromise user accounts.

The vulnerability exists due to use of cache containing sensitive information. An attacker with physical access can gain access to user's password on the login page after log out.

Remediation

Install updates from vendor's website.

External links

https://moodle.org/mod/forum/discuss.php?d=468501
https://github.com/search?q=repo%3Amoodle%2Fmoodle+MDL-85323&type=commits

#VU111253 Use of cache containing sensitive information in Moodle - CVE-2025-49513

Description

Remediation

External links

Please verify you're human