Anonymous Assignment Submission Vulnerability in Moodle
CVE-2025-3628

Currently unrated

Key Information:

Vendor: Moodle
Status
Vendor: CVE Published:; 25 April 2025

Summary

A significant flaw has been identified in Moodle that allows anonymous assignment submissions to be de-anonymized through search functions. This vulnerability compromises student privacy by potentially revealing their identities during the assignment submission process, raising critical concerns around data security and anonymity in educational environments.

References

https://access.redhat.com/security/cve/CVE-2025-3628

vdb-entryx_refsource_REDHAT

https://bugzilla.redhat.com/show_bug.cgi?id=2359706

issue-trackingx_refsource_REDHAT

Timeline

Vulnerability published
Apr 25, 2025
Vulnerability Reserved
Apr 15, 2025

Credit

Red Hat would like to thank Eliot for reporting this issue.