Remote Code Execution Vulnerability in Moodle LMS by Moodle
CVE-2025-3642

8.8HIGH

Key Information:

Vendor: Moodle
Status
Vendor: CVE Published:; 25 April 2025

What is CVE-2025-3642?

A security flaw has been identified in Moodle's Learning Management System that exposes a remote code execution risk specifically within the EQUELLA repository component. This vulnerability, which is only accessible by teachers and managers on Moodle sites utilizing the EQUELLA repository, could potentially allow an attacker to execute arbitrary code. It is important for users and administrators to be aware of this risk to ensure proper security measures are in place.

References

https://access.redhat.com/security/cve/CVE-2025-3642

vdb-entryx_refsource_REDHAT

https://bugzilla.redhat.com/show_bug.cgi?id=2359738

issue-trackingx_refsource_REDHAT

https://moodle.org/mod/forum/discuss.php?d=467603

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 25, 2025
Vulnerability Reserved
Apr 15, 2025

Credit

Red Hat would like to thank Vincent Schneider for reporting this issue.