What the vulnerability does
01Description
A flaw was found in Moodle. Insufficient capability checks in a messaging web service allowed users to view other users' names and online statuses.
CVE-2025-3645
MEDIUM
CVE-2025-3645: Moodle: idor in messaging web service allows access to some user details
CVSS base score
4.3/10
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Key dates
02Disclosure timeline
April 25, 2025
CVE published
April 28, 2025
Record updated
External resources
03References
Related vulnerabilities
04Related CVE
CVE-2022-28774
CVE-2024-42423
CVE-2026-2725 Improper Authorization in Gerrit allowing Code Review Bypass via "Submitted Together"
CVE-2024-2378
CVE-2025-62487 Under certain configurations, file artifacts uploaded to the Dossier and Slides apps did not inherit security markings of their parent artifact. This lack of security markings could lead to unintended access to the uploaded files.
