Insufficient Capability Checks in Moodle Leading to Unauthorized RSS Feed Access
CVE-2025-3636

Currently unrated

Key Information:

Vendor: Moodle
Status
Vendor: CVE Published:; 25 April 2025

What is CVE-2025-3636?

A vulnerability in Moodle allows unauthorized users to access and view sensitive RSS feeds due to inadequate capability checks. This flaw may expose information that should remain restricted to authenticated users, posing a risk to privacy and data integrity.

References

http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=...

https://access.redhat.com/security/cve/CVE-2025-3636

vdb-entryx_refsource_REDHAT

https://bugzilla.redhat.com/show_bug.cgi?id=2359726

issue-trackingx_refsource_REDHAT

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 25, 2025
Vulnerability Reserved
Apr 15, 2025

Credit

Red Hat would like to thank Vincent Schneider for reporting this issue.