Moodle Security Flaw Allows Unauthorized Duplication of Tours
CVE-2025-3635

Currently unrated

Key Information:

Vendor
Moodle
Status
Vendor
CVE Published:
25 April 2025

Summary

A vulnerability has been identified in Moodle that lets unauthorized users duplicate existing tours without authentication, because of insufficient safeguards against cross-site request forgery (CSRF) attacks. Exploitation could lead to unauthorized content manipulation and a degraded user experience within Moodle environments.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Red Hat would like to thank Vincent Schneider for reporting this issue.