Use of cache containing sensitive information in Moodle - CVE-2025-49513

 


Published: June 18, 2025


Vulnerability identifier: #VU111253
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2025-49513
CWE-ID: CWE-524
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: moodle.org
Affected software: Moodle

Detailed vulnerability description

The vulnerability allows a local attacker to compromise user accounts.

The vulnerability exists due to the use of a cache containing sensitive information. An attacker with physical access can gain access to a user's password on the login page after logout.


How to mitigate CVE-2025-49513

Install updates from the vendor's website.
