Insufficient Capability Checks in Moodle Affect User Grade Access
CVE-2025-32045

Currently unrated

Key Information:

Vendor
Moodle
Status
Vendor
CVE Published:
25 April 2025

Summary

Moodle performs inadequate capability checks in specific grade reports, which can lead to unauthorized access. Users without the proper permissions can view hidden grades, potentially exposing sensitive academic information. The flaw highlights the importance of robust permission validation for protecting user data.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Red Hat would like to thank Ilya Tregubov for reporting this issue.