Vulnerability-Lookup

CVE-2025-26532 (GCVE-0-2025-26532)

Vulnerability from cvelistv5 – Published: 2025-02-24 20:05 – Updated: 2025-02-25 14:19

Title

Teachers can evade trusttext config when restoring glossary entries

Summary

Additional checks were required to ensure trusttext is applied (when enabled) to glossary entries being restored.

Severity

3.1 (Low)


                        
                          CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N

SSVC

Exploitation: none Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-863 - Incorrect Authorization

Assigner

fedora

References

2 references

URL	Tags
https://moodle.org/mod/forum/discuss.php?d=466149	vendor-advisory
http://git.moodle.org/gw?p=moodle.git&a=search&h=…	patch

Impacted products

1 product

Vendor	Product	Version
Moodle Project	moodle	Affected: 4.5.0 , < 4.5.2 (semver) Affected: 4.4.0 , < 4.4.6 (semver) Affected: 4.3.0 , < 4.3.10 (semver) Affected: 4.1.0 , < 4.1.16 (semver) Unknown: 0 , < 4.0.* (semver) Unknown: 4.2.0 , < 4.2.* (semver)

Date Public

2025-02-18 05:40

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-26532",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-25T14:19:04.443547Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-25T14:19:13.124Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "moodle",
          "vendor": "Moodle Project",
          "versions": [
            {
              "lessThan": "4.5.2",
              "status": "affected",
              "version": "4.5.0",
              "versionType": "semver"
            },
            {
              "lessThan": "4.4.6",
              "status": "affected",
              "version": "4.4.0",
              "versionType": "semver"
            },
            {
              "lessThan": "4.3.10",
              "status": "affected",
              "version": "4.3.0",
              "versionType": "semver"
            },
            {
              "lessThan": "4.1.16",
              "status": "affected",
              "version": "4.1.0",
              "versionType": "semver"
            },
            {
              "lessThan": "4.0.*",
              "status": "unknown",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThan": "4.2.*",
              "status": "unknown",
              "version": "4.2.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2025-02-18T05:40:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Additional checks were required to ensure trusttext is applied (when enabled) to glossary entries being restored."
            }
          ],
          "value": "Additional checks were required to ensure trusttext is applied (when enabled) to glossary entries being restored."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 3.1,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-863",
              "description": "CWE-863 Incorrect Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-02-24T20:05:21.153Z",
        "orgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
        "shortName": "fedora"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://moodle.org/mod/forum/discuss.php?d=466149"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "http://git.moodle.org/gw?p=moodle.git\u0026a=search\u0026h=HEAD\u0026st=commit\u0026s=MDL-84003"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Teachers can evade trusttext config when restoring glossary entries",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
    "assignerShortName": "fedora",
    "cveId": "CVE-2025-26532",
    "datePublished": "2025-02-24T20:05:21.153Z",
    "dateReserved": "2025-02-12T13:29:39.337Z",
    "dateUpdated": "2025-02-25T14:19:13.124Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2025-26532",
      "date": "2026-06-05",
      "epss": "0.00345",
      "percentile": "0.57354"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-26532\",\"sourceIdentifier\":\"patrick@puiterwijk.org\",\"published\":\"2025-02-24T20:15:34.053\",\"lastModified\":\"2025-08-06T23:59:37.257\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Additional checks were required to ensure trusttext is applied (when enabled) to glossary entries being restored.\"},{\"lang\":\"es\",\"value\":\" Se requirieron verificaciones adicionales para garantizar que el texto de confianza se aplique (cuando est\u00e9 habilitado) a las entradas del glosario que se est\u00e1n restaurando.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"patrick@puiterwijk.org\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N\",\"baseScore\":3.1,\"baseSeverity\":\"LOW\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.6,\"impactScore\":1.4},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N\",\"baseScore\":4.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":1.4}]},\"weaknesses\":[{\"source\":\"patrick@puiterwijk.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-863\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.1.0\",\"versionEndExcluding\":\"4.1.16\",\"matchCriteriaId\":\"ABE6D6ED-55D3-46B4-84DC-7C3684E3260E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.3.0\",\"versionEndExcluding\":\"4.3.10\",\"matchCriteriaId\":\"3DF83192-5999-4E1B-B109-A1B0F68437B2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.4.0\",\"versionEndExcluding\":\"4.4.6\",\"matchCriteriaId\":\"B91CC5BB-FFB9-4D09-9001-105A8B68208E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.5.0\",\"versionEndExcluding\":\"4.5.2\",\"matchCriteriaId\":\"830F7FD6-3257-44A2-9599-2C5C2FF2BA20\"}]}]}],\"references\":[{\"url\":\"http://git.moodle.org/gw?p=moodle.git\u0026a=search\u0026h=HEAD\u0026st=commit\u0026s=MDL-84003\",\"source\":\"patrick@puiterwijk.org\",\"tags\":[\"Patch\"]},{\"url\":\"https://moodle.org/mod/forum/discuss.php?d=466149\",\"source\":\"patrick@puiterwijk.org\",\"tags\":[\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-26532\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-02-25T14:19:04.443547Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-02-25T14:19:09.198Z\"}}], \"cna\": {\"title\": \"Teachers can evade trusttext config when restoring glossary entries\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 3.1, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"LOW\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"NONE\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Moodle Project\", \"product\": \"moodle\", \"versions\": [{\"status\": \"affected\", \"version\": \"4.5.0\", \"lessThan\": \"4.5.2\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"4.4.0\", \"lessThan\": \"4.4.6\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"4.3.0\", \"lessThan\": \"4.3.10\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"4.1.0\", \"lessThan\": \"4.1.16\", \"versionType\": \"semver\"}, {\"status\": \"unknown\", \"version\": \"0\", \"lessThan\": \"4.0.*\", \"versionType\": \"semver\"}, {\"status\": \"unknown\", \"version\": \"4.2.0\", \"lessThan\": \"4.2.*\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}], \"datePublic\": \"2025-02-18T05:40:00.000Z\", \"references\": [{\"url\": \"https://moodle.org/mod/forum/discuss.php?d=466149\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"http://git.moodle.org/gw?p=moodle.git\u0026a=search\u0026h=HEAD\u0026st=commit\u0026s=MDL-84003\", \"tags\": [\"patch\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Additional checks were required to ensure trusttext is applied (when enabled) to glossary entries being restored.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Additional checks were required to ensure trusttext is applied (when enabled) to glossary entries being restored.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-863\", \"description\": \"CWE-863 Incorrect Authorization\"}]}], \"providerMetadata\": {\"orgId\": \"92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5\", \"shortName\": \"fedora\", \"dateUpdated\": \"2025-02-24T20:05:21.153Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-26532\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-02-25T14:19:13.124Z\", \"dateReserved\": \"2025-02-12T13:29:39.337Z\", \"assignerOrgId\": \"92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5\", \"datePublished\": \"2025-02-24T20:05:21.153Z\", \"assignerShortName\": \"fedora\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

CERTFR-2025-AVI-0138

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans Moodle. Certaines d'entre elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données, une atteinte à l'intégrité des données et une injection de code indirecte à distance (XSS).

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Moodle	Moodle	Moodle versions 4.3.x antérieures à 4.3.10
Moodle	Moodle	Moodle versions 4.1.x antérieures à 4.1.16
Moodle	Moodle	Moodle versions 4.5.x antérieures à 4.5.2
Moodle	Moodle	Moodle versions 4.4.x antérieures à 4.4.6

References

Title

Publication Time

CERTFR-2025-AVI-0138

Vulnerability from certfr_avis - Published: - Updated:

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Moodle	Moodle	Moodle versions 4.3.x antérieures à 4.3.10
Moodle	Moodle	Moodle versions 4.1.x antérieures à 4.1.16
Moodle	Moodle	Moodle versions 4.5.x antérieures à 4.5.2
Moodle	Moodle	Moodle versions 4.4.x antérieures à 4.4.6

References

Title

Publication Time

BDU:2025-02328

Vulnerability from fstec - Published: 18.02.2025

Title

Уязвимость виртуальной обучающей среды Moodle, связанная с недостатками контроля доступа, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

Description

Уязвимость виртуальной обучающей среды Moodle связана с недостатками контроля доступа. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, получить несанкционированный доступ к защищаемой информации

Severity


                    
                      AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N


                    
                      AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

Vendor

ООО «Ред Софт», Мартин Дугамас

Software Name

РЕД ОС (запись в едином реестре российских программ №3751), Moodle

Software Version

7.3 (РЕД ОС), от 4.5.0 до 4.5.2 (Moodle), от 4.4.0 до 4.4.6 (Moodle), от 4.3.0 до 4.3.10 (Moodle), от 4.1.0 до 4.1.16 (Moodle)

Possible Mitigations

Использование рекомендаций: https://moodle.org/mod/forum/discuss.php?d=466149 Для РедОС: http://repo.red-soft.ru/redos/7.3c/x86_64/updates/

Reference

https://www.cybersecurity-help.cz/vulnerabilities/104024/ https://moodle.org/mod/forum/discuss.php?d=466149 http://repo.red-soft.ru/redos/7.3c/x86_64/updates/

CWE

CWE-284

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
  "CVSS 3.0": "AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
  "CVSS 4.0": "AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green",
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb, \u041c\u0430\u0440\u0442\u0438\u043d \u0414\u0443\u0433\u0430\u043c\u0430\u0441",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "7.3 (\u0420\u0415\u0414 \u041e\u0421), \u043e\u0442 4.5.0 \u0434\u043e 4.5.2 (Moodle), \u043e\u0442 4.4.0 \u0434\u043e 4.4.6 (Moodle), \u043e\u0442 4.3.0 \u0434\u043e 4.3.10 (Moodle), \u043e\u0442 4.1.0 \u0434\u043e 4.1.16 (Moodle)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\nhttps://moodle.org/mod/forum/discuss.php?d=466149\n\n\u0414\u043b\u044f \u0420\u0435\u0434\u041e\u0421: \nhttp://repo.red-soft.ru/redos/7.3c/x86_64/updates/",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "18.02.2025",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "30.09.2025",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "05.03.2025",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2025-02328",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2025-26532",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "\u0420\u0415\u0414 \u041e\u0421 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), Moodle",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb \u0420\u0415\u0414 \u041e\u0421 7.3  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751)",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u044c\u043d\u043e\u0439 \u043e\u0431\u0443\u0447\u0430\u044e\u0449\u0435\u0439 \u0441\u0440\u0435\u0434\u044b Moodle, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u0430\u043c\u0438 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u0430, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044c \u0434\u043e\u0441\u0442\u0443\u043f\u0430 (CWE-284)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u044c\u043d\u043e\u0439 \u043e\u0431\u0443\u0447\u0430\u044e\u0449\u0435\u0439 \u0441\u0440\u0435\u0434\u044b Moodle \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u0430\u043c\u0438 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u0430. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041d\u0430\u0440\u0443\u0448\u0435\u043d\u0438\u0435 \u0430\u0432\u0442\u043e\u0440\u0438\u0437\u0430\u0446\u0438\u0438",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://www.cybersecurity-help.cz/vulnerabilities/104024/\nhttps://moodle.org/mod/forum/discuss.php?d=466149\nhttp://repo.red-soft.ru/redos/7.3c/x86_64/updates/",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u0421\u0435\u0442\u0435\u0432\u043e\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-284",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 4)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 4,3)\n\u041d\u0438\u0437\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u043e\u0446\u0435\u043d\u043a\u0430 CVSS 4.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 1,3)"
}

bit-moodle-2025-26532

Vulnerability from bitnami_vulndb

Published

2025-08-07 08:59

Modified

2025-08-07 09:23

Summary

Teachers can evade trusttext config when restoring glossary entries

Details

Additional checks were required to ensure trusttext is applied (when enabled) to glossary entries being restored.

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Bitnami",
        "name": "moodle",
        "purl": "pkg:bitnami/moodle"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "4.1.0"
            },
            {
              "fixed": "4.1.16"
            },
            {
              "introduced": "4.3.0"
            },
            {
              "fixed": "4.3.10"
            },
            {
              "introduced": "4.4.0"
            },
            {
              "fixed": "4.4.6"
            },
            {
              "introduced": "4.5.0"
            },
            {
              "fixed": "4.5.2"
            }
          ],
          "type": "SEMVER"
        }
      ],
      "severity": [
        {
          "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
          "type": "CVSS_V3"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-26532"
  ],
  "database_specific": {
    "cpes": [
      "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*"
    ],
    "severity": "Medium"
  },
  "details": "Additional checks were required to ensure trusttext is applied (when enabled) to glossary entries being restored.",
  "id": "BIT-moodle-2025-26532",
  "modified": "2025-08-07T09:23:45.368Z",
  "published": "2025-08-07T08:59:21.801Z",
  "references": [
    {
      "type": "WEB",
      "url": "http://git.moodle.org/gw?p=moodle.git\u0026a=search\u0026h=HEAD\u0026st=commit\u0026s=MDL-84003"
    },
    {
      "type": "WEB",
      "url": "https://moodle.org/mod/forum/discuss.php?d=466149"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-26532"
    }
  ],
  "schema_version": "1.6.2",
  "summary": "Teachers can evade trusttext config when restoring glossary entries"
}

FKIE_CVE-2025-26532

Vulnerability from fkie_nvd - Published: 2025-02-24 20:15 - Updated: 2025-08-06 23:59

Severity

3.1 (Low) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Summary

Additional checks were required to ensure trusttext is applied (when enabled) to glossary entries being restored.

References

	URL	Tags
	patrick@puiterwijk.org	http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-84003	Patch
	patrick@puiterwijk.org	https://moodle.org/mod/forum/discuss.php?d=466149	Vendor Advisory

Impacted products

Vendor	Product	Version
moodle	moodle	*
moodle	moodle	*
moodle	moodle	*
moodle	moodle	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "ABE6D6ED-55D3-46B4-84DC-7C3684E3260E",
              "versionEndExcluding": "4.1.16",
              "versionStartIncluding": "4.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3DF83192-5999-4E1B-B109-A1B0F68437B2",
              "versionEndExcluding": "4.3.10",
              "versionStartIncluding": "4.3.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B91CC5BB-FFB9-4D09-9001-105A8B68208E",
              "versionEndExcluding": "4.4.6",
              "versionStartIncluding": "4.4.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "830F7FD6-3257-44A2-9599-2C5C2FF2BA20",
              "versionEndExcluding": "4.5.2",
              "versionStartIncluding": "4.5.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Additional checks were required to ensure trusttext is applied (when enabled) to glossary entries being restored."
    },
    {
      "lang": "es",
      "value": " Se requirieron verificaciones adicionales para garantizar que el texto de confianza se aplique (cuando est\u00e9 habilitado) a las entradas del glosario que se est\u00e1n restaurando."
    }
  ],
  "id": "CVE-2025-26532",
  "lastModified": "2025-08-06T23:59:37.257",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 3.1,
          "baseSeverity": "LOW",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.6,
        "impactScore": 1.4,
        "source": "patrick@puiterwijk.org",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2025-02-24T20:15:34.053",
  "references": [
    {
      "source": "patrick@puiterwijk.org",
      "tags": [
        "Patch"
      ],
      "url": "http://git.moodle.org/gw?p=moodle.git\u0026a=search\u0026h=HEAD\u0026st=commit\u0026s=MDL-84003"
    },
    {
      "source": "patrick@puiterwijk.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://moodle.org/mod/forum/discuss.php?d=466149"
    }
  ],
  "sourceIdentifier": "patrick@puiterwijk.org",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-863"
        }
      ],
      "source": "patrick@puiterwijk.org",
      "type": "Secondary"
    }
  ]
}

GHSA-CW24-F6FQ-7J9V

Vulnerability from github – Published: 2025-02-24 21:31 – Updated: 2025-02-24 22:15

Summary

Moodle allows teachers to evade trusttext config when restoring glossary entries

Details

Additional checks were required to ensure trusttext is applied (when enabled) to glossary entries being restored.

Severity

3.1 (Low)


                  
                    CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "moodle/moodle"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "4.5.0-beta"
            },
            {
              "fixed": "4.5.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "moodle/moodle"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "4.4.0-beta"
            },
            {
              "fixed": "4.4.6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "moodle/moodle"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "4.3.0-beta"
            },
            {
              "fixed": "4.3.10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "moodle/moodle"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.1.16"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-26532"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-863"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-02-24T22:15:06Z",
    "nvd_published_at": "2025-02-24T20:15:34Z",
    "severity": "LOW"
  },
  "details": "Additional checks were required to ensure trusttext is applied (when enabled) to glossary entries being restored.",
  "id": "GHSA-cw24-f6fq-7j9v",
  "modified": "2025-02-24T22:15:06Z",
  "published": "2025-02-24T21:31:44Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-26532"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/moodle/moodle"
    },
    {
      "type": "WEB",
      "url": "https://moodle.org/mod/forum/discuss.php?d=466149"
    },
    {
      "type": "WEB",
      "url": "http://git.moodle.org/gw?p=moodle.git\u0026a=search\u0026h=HEAD\u0026st=commit\u0026s=MDL-84003"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Moodle allows teachers to evade trusttext config when restoring glossary entries"
}

WID-SEC-W-2025-0390

Vulnerability from csaf_certbund - Published: 2025-02-17 23:00 - Updated: 2025-02-17 23:00

Summary

Moodle: Mehrere Schwachstellen

Severity

Hoch

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: Moodle ist ein Software-Paket, um internetbasierte Kurse zu entwickeln und durchzuführen. Es ist ein globales Softwareentwicklungsprojekt, das einen konstruktivistischen Lehr- und Lernansatz unterstützt.

Angriff: Ein Angreifer kann mehrere Schwachstellen in Moodle ausnutzen, um SQL-Injection- und Cross-Site-Scripting-Angriffe durchzuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen preiszugeben oder andere nicht näher spezifizierte Auswirkungen zu verursachen.

Betroffene Betriebssysteme: - Sonstiges - UNIX - Windows

CVE-2025-26525

Affected products

Known affected 4 products

Product	Identifier	Version	Remediation
Open Source Moodle <4.1.16 Open Source / Moodle		<4.1.16
Open Source Moodle <4.3.10 Open Source / Moodle		<4.3.10
Open Source Moodle <4.4.6 Open Source / Moodle		<4.4.6
Open Source Moodle <4.5.2 Open Source / Moodle		<4.5.2

CVE-2025-26526

Affected products

Known affected 4 products

Product	Identifier	Version	Remediation
Open Source Moodle <4.1.16 Open Source / Moodle		<4.1.16
Open Source Moodle <4.3.10 Open Source / Moodle		<4.3.10
Open Source Moodle <4.4.6 Open Source / Moodle		<4.4.6
Open Source Moodle <4.5.2 Open Source / Moodle		<4.5.2

CVE-2025-26527

Affected products

Known affected 4 products

Product	Identifier	Version	Remediation
Open Source Moodle <4.1.16 Open Source / Moodle		<4.1.16
Open Source Moodle <4.3.10 Open Source / Moodle		<4.3.10
Open Source Moodle <4.4.6 Open Source / Moodle		<4.4.6
Open Source Moodle <4.5.2 Open Source / Moodle		<4.5.2

CVE-2025-26528

Affected products

Known affected 4 products

Product	Identifier	Version	Remediation
Open Source Moodle <4.1.16 Open Source / Moodle		<4.1.16
Open Source Moodle <4.3.10 Open Source / Moodle		<4.3.10
Open Source Moodle <4.4.6 Open Source / Moodle		<4.4.6
Open Source Moodle <4.5.2 Open Source / Moodle		<4.5.2

CVE-2025-26529

Affected products

Known affected 4 products

Product	Identifier	Version	Remediation
Open Source Moodle <4.1.16 Open Source / Moodle		<4.1.16
Open Source Moodle <4.3.10 Open Source / Moodle		<4.3.10
Open Source Moodle <4.4.6 Open Source / Moodle		<4.4.6
Open Source Moodle <4.5.2 Open Source / Moodle		<4.5.2

CVE-2025-26530

Affected products

Known affected 4 products

Product	Identifier	Version	Remediation
Open Source Moodle <4.1.16 Open Source / Moodle		<4.1.16
Open Source Moodle <4.3.10 Open Source / Moodle		<4.3.10
Open Source Moodle <4.4.6 Open Source / Moodle		<4.4.6
Open Source Moodle <4.5.2 Open Source / Moodle		<4.5.2

CVE-2025-26531

Affected products

Known affected 4 products

Product	Identifier	Version	Remediation
Open Source Moodle <4.1.16 Open Source / Moodle		<4.1.16
Open Source Moodle <4.3.10 Open Source / Moodle		<4.3.10
Open Source Moodle <4.4.6 Open Source / Moodle		<4.4.6
Open Source Moodle <4.5.2 Open Source / Moodle		<4.5.2

CVE-2025-26532

Affected products

Known affected 4 products

Product	Identifier	Version	Remediation
Open Source Moodle <4.1.16 Open Source / Moodle		<4.1.16
Open Source Moodle <4.3.10 Open Source / Moodle		<4.3.10
Open Source Moodle <4.4.6 Open Source / Moodle		<4.4.6
Open Source Moodle <4.5.2 Open Source / Moodle		<4.5.2

CVE-2025-26533

Affected products

Known affected 4 products

Product	Identifier	Version	Remediation
Open Source Moodle <4.1.16 Open Source / Moodle		<4.1.16
Open Source Moodle <4.3.10 Open Source / Moodle		<4.3.10
Open Source Moodle <4.4.6 Open Source / Moodle		<4.4.6
Open Source Moodle <4.5.2 Open Source / Moodle		<4.5.2

References

12 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://moodle.org/mod/forum/discuss.php?d=466141	external
https://moodle.org/mod/forum/discuss.php?d=466142	external
https://moodle.org/mod/forum/discuss.php?d=466143	external
https://moodle.org/mod/forum/discuss.php?d=466144	external
https://moodle.org/mod/forum/discuss.php?d=466145	external
https://moodle.org/mod/forum/discuss.php?d=466146	external
https://moodle.org/mod/forum/discuss.php?d=466147	external
https://moodle.org/mod/forum/discuss.php?d=466148	external
https://moodle.org/mod/forum/discuss.php?d=466149	external
https://moodle.org/mod/forum/discuss.php?d=466150	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Moodle ist ein Software-Paket, um internetbasierte Kurse zu entwickeln und durchzuf\u00fchren. Es ist ein globales Softwareentwicklungsprojekt, das einen konstruktivistischen Lehr- und Lernansatz unterst\u00fctzt.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein Angreifer kann mehrere Schwachstellen in Moodle ausnutzen, um SQL-Injection- und Cross-Site-Scripting-Angriffe durchzuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen preiszugeben oder andere nicht n\u00e4her spezifizierte Auswirkungen zu verursachen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Sonstiges\n- UNIX\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2025-0390 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-0390.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2025-0390 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-0390"
      },
      {
        "category": "external",
        "summary": "Moodle Security announcements vom 2025-02-17",
        "url": "https://moodle.org/mod/forum/discuss.php?d=466141"
      },
      {
        "category": "external",
        "summary": "Moodle Security announcements vom 2025-02-17",
        "url": "https://moodle.org/mod/forum/discuss.php?d=466142"
      },
      {
        "category": "external",
        "summary": "Moodle Security announcements vom 2025-02-17",
        "url": "https://moodle.org/mod/forum/discuss.php?d=466143"
      },
      {
        "category": "external",
        "summary": "Moodle Security announcements vom 2025-02-17",
        "url": "https://moodle.org/mod/forum/discuss.php?d=466144"
      },
      {
        "category": "external",
        "summary": "Moodle Security announcements vom 2025-02-17",
        "url": "https://moodle.org/mod/forum/discuss.php?d=466145"
      },
      {
        "category": "external",
        "summary": "Moodle Security announcements vom 2025-02-17",
        "url": "https://moodle.org/mod/forum/discuss.php?d=466146"
      },
      {
        "category": "external",
        "summary": "Moodle Security announcements vom 2025-02-17",
        "url": "https://moodle.org/mod/forum/discuss.php?d=466147"
      },
      {
        "category": "external",
        "summary": "Moodle Security announcements vom 2025-02-17",
        "url": "https://moodle.org/mod/forum/discuss.php?d=466148"
      },
      {
        "category": "external",
        "summary": "Moodle Security announcements vom 2025-02-17",
        "url": "https://moodle.org/mod/forum/discuss.php?d=466149"
      },
      {
        "category": "external",
        "summary": "Moodle Security announcements vom 2025-02-17",
        "url": "https://moodle.org/mod/forum/discuss.php?d=466150"
      }
    ],
    "source_lang": "en-US",
    "title": "Moodle: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2025-02-17T23:00:00.000+00:00",
      "generator": {
        "date": "2025-02-18T09:05:40.445+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.12"
        }
      },
      "id": "WID-SEC-W-2025-0390",
      "initial_release_date": "2025-02-17T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2025-02-17T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c4.5.2",
                "product": {
                  "name": "Open Source Moodle \u003c4.5.2",
                  "product_id": "T041249"
                }
              },
              {
                "category": "product_version",
                "name": "4.5.2",
                "product": {
                  "name": "Open Source Moodle 4.5.2",
                  "product_id": "T041249-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:open_source:moodle:4.5.2"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c4.4.6",
                "product": {
                  "name": "Open Source Moodle \u003c4.4.6",
                  "product_id": "T041250"
                }
              },
              {
                "category": "product_version",
                "name": "4.4.6",
                "product": {
                  "name": "Open Source Moodle 4.4.6",
                  "product_id": "T041250-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:open_source:moodle:4.4.6"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c4.3.10",
                "product": {
                  "name": "Open Source Moodle \u003c4.3.10",
                  "product_id": "T041251"
                }
              },
              {
                "category": "product_version",
                "name": "4.3.10",
                "product": {
                  "name": "Open Source Moodle 4.3.10",
                  "product_id": "T041251-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:open_source:moodle:4.3.10"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c4.1.16",
                "product": {
                  "name": "Open Source Moodle \u003c4.1.16",
                  "product_id": "T041252"
                }
              },
              {
                "category": "product_version",
                "name": "4.1.16",
                "product": {
                  "name": "Open Source Moodle 4.1.16",
                  "product_id": "T041252-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:open_source:moodle:4.1.16"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Moodle"
          }
        ],
        "category": "vendor",
        "name": "Open Source"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-26525",
      "product_status": {
        "known_affected": [
          "T041252",
          "T041251",
          "T041250",
          "T041249"
        ]
      },
      "release_date": "2025-02-17T23:00:00.000+00:00",
      "title": "CVE-2025-26525"
    },
    {
      "cve": "CVE-2025-26526",
      "product_status": {
        "known_affected": [
          "T041252",
          "T041251",
          "T041250",
          "T041249"
        ]
      },
      "release_date": "2025-02-17T23:00:00.000+00:00",
      "title": "CVE-2025-26526"
    },
    {
      "cve": "CVE-2025-26527",
      "product_status": {
        "known_affected": [
          "T041252",
          "T041251",
          "T041250",
          "T041249"
        ]
      },
      "release_date": "2025-02-17T23:00:00.000+00:00",
      "title": "CVE-2025-26527"
    },
    {
      "cve": "CVE-2025-26528",
      "product_status": {
        "known_affected": [
          "T041252",
          "T041251",
          "T041250",
          "T041249"
        ]
      },
      "release_date": "2025-02-17T23:00:00.000+00:00",
      "title": "CVE-2025-26528"
    },
    {
      "cve": "CVE-2025-26529",
      "product_status": {
        "known_affected": [
          "T041252",
          "T041251",
          "T041250",
          "T041249"
        ]
      },
      "release_date": "2025-02-17T23:00:00.000+00:00",
      "title": "CVE-2025-26529"
    },
    {
      "cve": "CVE-2025-26530",
      "product_status": {
        "known_affected": [
          "T041252",
          "T041251",
          "T041250",
          "T041249"
        ]
      },
      "release_date": "2025-02-17T23:00:00.000+00:00",
      "title": "CVE-2025-26530"
    },
    {
      "cve": "CVE-2025-26531",
      "product_status": {
        "known_affected": [
          "T041252",
          "T041251",
          "T041250",
          "T041249"
        ]
      },
      "release_date": "2025-02-17T23:00:00.000+00:00",
      "title": "CVE-2025-26531"
    },
    {
      "cve": "CVE-2025-26532",
      "product_status": {
        "known_affected": [
          "T041252",
          "T041251",
          "T041250",
          "T041249"
        ]
      },
      "release_date": "2025-02-17T23:00:00.000+00:00",
      "title": "CVE-2025-26532"
    },
    {
      "cve": "CVE-2025-26533",
      "product_status": {
        "known_affected": [
          "T041252",
          "T041251",
          "T041250",
          "T041249"
        ]
      },
      "release_date": "2025-02-17T23:00:00.000+00:00",
      "title": "CVE-2025-26533"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2025-26532 (GCVE-0-2025-26532)

CERTFR-2025-AVI-0138

Solutions

CERTFR-2025-AVI-0138

Solutions

BDU:2025-02328

bit-moodle-2025-26532

Vulnerability from bitnami_vulndb

FKIE_CVE-2025-26532

GHSA-CW24-F6FQ-7J9V

WID-SEC-W-2025-0390

Tags

Sightings

Nomenclature