CVE-2025-3625 HIGH

CVE-2025-3625: Moodle: user dos and name disclosure via idor in moodle mfa email factor revoke action

Weakness CWE-639 · IDOR
Published April 25, 2025
Last update April 25, 2025

CVSS base score

7.1/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H

What the vulnerability does

01Description

A security vulnerability was discovered in Moodle that can allow hackers to gain access to sensitive information about students and prevent them from logging into their accounts, even after they had completed two-factor authentication (2FA).

Key dates

02Disclosure timeline

April 25, 2025 CVE published
April 25, 2025 Record updated

Related vulnerabilities

04Related CVE