CVE-2025-3634 MEDIUM

CVE-2025-3634: Moodle: moodle allows course self-enrolment before completing mfa

Weakness CWE-287 · Improper authentication
Published April 25, 2025
Last update April 25, 2025

CVSS base score

4.3/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

What the vulnerability does

01Description

A security vulnerability was discovered in Moodle that allows students to enroll themselves in courses without completing all the necessary safety checks. Specifically, users can sign up for courses prematurely, even if they haven't finished two-step verification processes.

Key dates

02Disclosure timeline

April 25, 2025 CVE published
April 25, 2025 Record updated

Related vulnerabilities

04Related CVE