What the vulnerability does
01Description
A flaw has was found in Moodle where anonymous assignment submissions can be de-anonymized via search, revealing student identities.
CVE-2025-3628
MEDIUM
CVE-2025-3628: Moodle: moodle assignment submission search leaks anonymous student identities
CVSS base score
4.3/10
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Key dates
02Disclosure timeline
April 25, 2025
CVE published
April 25, 2025
Record updated
External resources
03References
Related vulnerabilities
04Related CVE
CVE-2023-45147 Arbitrary keys can be added to a topic's custom fields by any user in Discourse
CVE-2023-26533 WordPress Zippy Plugin <= 1.6.1 is vulnerable to Sensitive Data Exposure
CVE-2020-29010
CVE-2021-24585 Timetable and Event Schedule by MotoPress < 2.4.0 - Arbitrary User's Hashed Password/Email/Username Disclosure
CVE-2025-26710
