Sensitive Information Exposure in Moodle by Moodle Pty Ltd
CVE-2025-3627

Currently unrated

Key Information:

Vendor: Moodle Pty Ltd
Status
Vendor: CVE Published:; 25 April 2025

Summary

A vulnerability exists in the Moodle platform that potentially allows users to gain unauthorized access to sensitive information of other students prior to the successful verification of their identity through two-factor authentication (2FA). This flaw could lead to significant privacy violations, as unverified users may exploit it to view confidential data. Organizations using Moodle should apply recommended security patches to mitigate risks associated with this vulnerability.

References

https://access.redhat.com/security/cve/CVE-2025-3627

vdb-entryx_refsource_REDHAT

https://bugzilla.redhat.com/show_bug.cgi?id=2359692

issue-trackingx_refsource_REDHAT

Timeline

Vulnerability published
Apr 25, 2025
Vulnerability Reserved
Apr 15, 2025