CVE-2025-3642 — Moodle: authenticated remote code execution risk in the moodle lms equella repos

Description

A flaw was found in Moodle. A remote code execution risk was identified in the Moodle LMS EQUELLA repository. By default, this was only available to teachers and managers on sites with the EQUELLA repository enabled.

How to fix CVE-2025-3642

To remediate CVE-2025-3642, upgrade the affected package to a fixed version below.

—upgrade to 4.1.18 or later
—upgrade to 4.1.18 or later

Is CVE-2025-3642 being exploited?

Low — EPSS is 0.7%, meaning exploitation activity has not been observed at scale.

Affected packages (2)

from 0, < 4.1.18, >= 4.3.0, < 4.3.12, >= 4.4.0, < 4.4.8, >= 4.5.0, < 4.5.4
from 0, < 4.1.18

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	HIGH8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References (6)

ADVISORYnvd.nist.gov/vuln/detail/CVE-2025-3642
PATCHgithub.com/moodle/moodle
WEBaccess.redhat.com/security/cve/CVE-2025-3642
WEBbugzilla.redhat.com/show_bug.cgi?id=2359738
WEB