Data Validation Flaw in Moodle by Moodle
CVE-2025-26532

3.1LOW

Key Information:

Vendor: Moodle Project
Status: Moodle
Vendor: CVE Published:; 24 February 2025

🔔 Create Moodle Project Vulnerability Alert

What is CVE-2025-26532?

A data validation flaw exists within Moodle that requires additional checks for the proper application of trusttext to glossary entries during restoration. This oversight can lead to potential exploitation, allowing attackers to manipulate glossary content without due verification, thereby impacting the integrity of the Moodle system.

Affected Version(s)

moodle 4.5.0 < 4.5.2

moodle 4.4.0 < 4.4.6

moodle 4.3.0 < 4.3.10

References

https://moodle.org/mod/forum/discuss.php?d=466149

vendor-advisory

http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=...

patch

CVSS V3.1

Score:

3.1

Severity:

LOW

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 24, 2025
Vulnerability Reserved
Feb 12, 2025