CVE-2025-3625

HIGH7.1EPSS 0.10%

Moodle: user dos and name disclosure via idor in moodle mfa email factor revoke action

發布日:2026/1/26修改日:2026/1/26

描述

A security vulnerability was discovered in Moodle that can allow hackers to gain access to sensitive information about students and prevent them from logging into their accounts, even after they had completed two-factor authentication (2FA).

受影響套件(1)

Bitnami/moodle>= 4.3.0, < 4.3.12, >= 4.4.0, < 4.4.8, >= 4.5.0, < 4.5.4

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	HIGH7.1	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H

參考連結(3)

WEBhttps://access.redhat.com/security/cve/CVE-2025-3625
WEBhttps://bugzilla.redhat.com/show_bug.cgi?id=2359690
WEBhttps://nvd.nist.gov/vuln/detail/CVE-2025-3625