Moderate severityOSV Advisory· Published Oct 23, 2025· Updated Oct 23, 2025
Moodle: hidden group names visible to event creators
CVE-2025-62400
Description
Moodle exposed the names of hidden groups to users who had permission to create calendar events but not to view hidden groups. This could reveal private or restricted group information.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
moodle/moodlePackagist | >= 5.0.0-beta, < 5.0.3 | 5.0.3 |
moodle/moodlePackagist | >= 4.5.0-beta, < 4.5.7 | 4.5.7 |
moodle/moodlePackagist | >= 4.2.0-beta, < 4.4.11 | 4.4.11 |
moodle/moodlePackagist | < 4.1.21 | 4.1.21 |
Affected products
3- osv-coords2 versions
>= 4.1.0, < 4.1.21+ 1 more
- (no CPE)range: >= 4.1.0, < 4.1.21
- (no CPE)range: >= 5.0.0-beta, < 5.0.3
Patches
Vulnerability mechanics
References
6- github.com/advisories/GHSA-422v-w6c5-vq42ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2025-62400ghsaADVISORY
- access.redhat.com/security/cve/CVE-2025-62400ghsavdb-entryx_refsource_REDHATWEB
- bugzilla.redhat.com/show_bug.cgighsaissue-trackingx_refsource_REDHATWEB
- github.com/moodle/moodle/commit/0c70d67059658879a71152ea075c74154a627d05ghsaWEB
- moodle.org/mod/forum/discuss.phpghsaWEB
News mentions
0No linked articles in our index yet.