Self-enrollment Flaw in Moodle by Moodle HQ
CVE-2025-3634

Currently unrated

Key Information:

Vendor: Moodle HQ
Status
Vendor: CVE Published:; 25 April 2025

What is CVE-2025-3634?

A significant security flaw has been identified in Moodle that allows users to enroll in courses without completing all required safety measures. This issue results in premature course sign-ups, bypassing the essential two-step verification process that ensures proper authentication. Such vulnerabilities can lead to unauthorized access and a lack of secure user verification, highlighting the need for immediate attention and remediation.

References

https://access.redhat.com/security/cve/CVE-2025-3634

vdb-entryx_refsource_REDHAT

https://bugzilla.redhat.com/show_bug.cgi?id=2359707

issue-trackingx_refsource_REDHAT

Timeline

Vulnerability published
Apr 25, 2025
Vulnerability Reserved
Apr 15, 2025

Credit

Red Hat would like to thank Guillaume Barat for reporting this issue.

JSON