#VU111253 Use of cache containing sensitive information in Moodle - CVE-2025-49513
Vulnerability identifier: #VU111253
Vulnerability risk: Low
CVSSv4.0: 1.7 [CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID:
CWE-524
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Moodle
Web applications /
Other software
Vendor: moodle.org
Description
The vulnerability allows a local attacker to compromise user accounts.
The vulnerability exists due to use of cache containing sensitive information. An attacker with physical access can gain access to user's password on the login page after log out.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
Moodle: 4.1.0, 4.1.1, 4.1.2, 4.1.3, 4.1.4, 4.1.5, 4.1.6, 4.1.7, 4.1.8, 4.1.9, 4.1.10, 4.1.11, 4.1.12, 4.1.13, 4.1.14, 4.1.15, 4.1.16, 4.1.17, 4.1.18, 4.4.0, 4.4.1, 4.4.2, 4.4.3, 4.4.4, 4.4.5, 4.4.6, 4.4.7, 4.4.8, 4.5.0, 4.5.1, 4.5.2, 4.5.3, 4.5.4, 5.0.0
External links
https://moodle.org/mod/forum/discuss.php?d=468501
https://github.com/search?q=repo%3Amoodle%2Fmoodle+MDL-85323&type=commits
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
