Arbitrary File Read Vulnerability in TeX Notation Filter Affects Moodle Products
CVE-2025-26525

8.6HIGH

Key Information:

Vendor: Moodle Project
Status: Moodle
Vendor: CVE Published:; 24 February 2025

Summary

The TeX notation filter in Moodle suffers from an insufficient sanitization issue, which may allow an attacker to exploit systems equipped with pdfTeX, particularly where TeX Live is installed. This vulnerability enables unauthorized file access, posing a significant security risk if not addressed promptly. Users are advised to review their systems and ensure appropriate security measures are in place to mitigate potential threats.

Affected Version(s)

moodle 4.5.0 < 4.5.2

moodle 4.4.0 < 4.4.6

moodle 4.3.0 < 4.3.10

References

https://moodle.org/mod/forum/discuss.php?d=466141

vendor-advisory

https://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st...

patch

CVSS V3.1

Score:

8.6

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Feb 24, 2025
Vulnerability Reserved
Feb 12, 2025