VYPR
Unrated severityOSV Advisory· Published Apr 25, 2025· Updated Apr 25, 2025

Moodle: user dos and name disclosure via idor in moodle mfa email factor revoke action

CVE-2025-3625

Description

A security vulnerability was discovered in Moodle that can allow hackers to gain access to sensitive information about students and prevent them from logging into their accounts, even after they had completed two-factor authentication (2FA).

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

3
  • Moodle/MoodleOSV2 versions
    v4.3.0, v4.3.1, v4.3.10, …+ 1 more
    • (no CPE)range: v4.3.0, v4.3.1, v4.3.10, …
    • (no CPE)
  • osv-coords
    Range: >= 4.3.0, < 4.3.12

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.