Insufficient Capability Checks in Moodle by Moodle
CVE-2025-26531

3.1LOW

Key Information:

Vendor: Moodle Project
Status: Moodle
Vendor: CVE Published:; 24 February 2025

🔔 Create Moodle Project Vulnerability Alert

What is CVE-2025-26531?

This vulnerability in Moodle arises from inadequate checks on user capabilities, allowing individuals to disable badges that they are not authorized to access. This oversight could lead to unauthorized manipulation of badge statuses, potentially affecting user trust and engagement within the platform. The improper enforcement of permission levels emphasizes the need for stricter controls to ensure that only designated users have access to certain features.

Affected Version(s)

moodle 4.5.0 < 4.5.2

moodle 4.4.0 < 4.4.6

moodle 4.3.0 < 4.3.10

References

https://moodle.org/mod/forum/discuss.php?d=466148

vendor-advisory

http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=...

patch

CVSS V3.1

Score:

3.1

Severity:

LOW

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 24, 2025
Vulnerability Reserved
Feb 12, 2025