Self-enrollment Flaw in Moodle by Moodle HQ
CVE-2025-3634

Currently unrated

Key Information:

Vendor: Moodle HQ
Status
Vendor: CVE Published:; 25 April 2025

What is CVE-2025-3634?

A significant security flaw has been identified in Moodle that allows users to enroll in courses without completing all required safety measures. This issue results in premature course sign-ups, bypassing the essential two-step verification process that ensures proper authentication. Such vulnerabilities can lead to unauthorized access and a lack of secure user verification, highlighting the need for immediate attention and remediation.

References

https://access.redhat.com/security/cve/CVE-2025-3634

vdb-entryx_refsource_REDHAT

https://bugzilla.redhat.com/show_bug.cgi?id=2359707

issue-trackingx_refsource_REDHAT

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 25, 2025
Vulnerability Reserved
Apr 15, 2025

Credit

Red Hat would like to thank Guillaume Barat for reporting this issue.