Data Validation Flaw in Moodle by Moodle
CVE-2025-26532

3.1LOW

Key Information:

Vendor: Moodle Project
Status: Moodle
Vendor: CVE Published:; 24 February 2025

Summary

A data validation flaw exists within Moodle that requires additional checks for the proper application of trusttext to glossary entries during restoration. This oversight can lead to potential exploitation, allowing attackers to manipulate glossary content without due verification, thereby impacting the integrity of the Moodle system.

Affected Version(s)

moodle 4.5.0 < 4.5.2

moodle 4.4.0 < 4.4.6

moodle 4.3.0 < 4.3.10

References

https://moodle.org/mod/forum/discuss.php?d=466149

vendor-advisory

http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=...

patch

CVSS V3.1

Score:

3.1

Severity:

LOW

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 24, 2025
Vulnerability Reserved
Feb 12, 2025