VYPR
Moderate severityOSV Advisory· Published Feb 3, 2026· Updated Feb 3, 2026

Moodle: moodle: data exposure of user identifiers in urls

CVE-2025-67857

Description

A flaw was found in moodle. During anonymous assignment submissions, user identifiers were inadvertently exposed in URLs. This data exposure allows unauthorized viewers to see internal user IDs, compromising the intended anonymity and potentially leading to information disclosure.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
moodle/moodlePackagist
< 4.1.224.1.22
moodle/moodlePackagist
>= 4.4.0-beta, < 4.4.124.4.12
moodle/moodlePackagist
>= 4.5.0-beta, < 4.5.84.5.8
moodle/moodlePackagist
>= 5.0.0-beta, < 5.0.45.0.4
moodle/moodlePackagist
>= 5.1.0-beta, < 5.1.15.1.1

Affected products

3

Patches

Vulnerability mechanics

References

7

News mentions

0

No linked articles in our index yet.