Cross-Site Request Forgery Exposure in Moodle's mod_data Module
CVE-2025-3637
Currently unrated
Summary
A security flaw was identified in Moodle in which the confidential information meant to prevent cross-site request forgery (CSRF) attacks is leaked through publicly accessible URLs. The flaw is present specifically in the edit and delete pages of the mod_data module, and it affects the integrity and security of sensitive user data. Organizations running affected versions of Moodle should apply the necessary patches immediately to mitigate this issue.
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Red Hat would like to thank Simon Reinhart for reporting this issue.