Medium severity4.3NVD Advisory· Published Oct 21, 2025· Updated Apr 15, 2026
CVE-2025-60511
CVE-2025-60511
Description
Moodle OpenAI Chat Block plugin 3.0.1 (2025021700) suffers from an Insecure Direct Object Reference (IDOR) vulnerability due to insufficient validation of the blockId parameter in /blocks/openai_chat/api/completion.php. An authenticated student can impersonate another user's block (e.g., administrator) and send queries that are executed with that block's configuration. This can expose administrator-only Source of Truth entries, alter model behavior, and potentially misuse API resources.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3(expand)+ 1 more
- (no CPE)
- (no CPE)range: = 3.0.1 (build 2025021700)
Patches
Vulnerability mechanics
References
3News mentions
0No linked articles in our index yet.