The vulnerability in the virtual learning environment Moodle, related to bypassing authentication using a user-controlled key, allows intruders to elevate their privileges and gain unauthorized access to protected information.

🗓️ 30 Apr 2025 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru👁 4 Views

Moodle authentication bypass via a user controlled key enables privilege escalation and data access.

Reporter	Title	Published	Views	Family All 26
Circl	CVE-2025-3640	25 Apr 202517:19	–	circl
CNNVD	Moodle 安全漏洞	22 Apr 202500:00	–	cnnvd
CNVD	Moodle Information Disclosure Vulnerability	7 May 202500:00	–	cnvd
CVE	CVE-2025-3640	25 Apr 202514:43	–	cve
Cvelist	CVE-2025-3640 Moodle: idor in web service allows users enrolled in a course to access some details of other users	25 Apr 202514:43	–	cvelist
EUVD	EUVD-2025-12522	3 Oct 202520:07	–	euvd
Github Security Blog	Moodle has an IDOR in web service which allows users enrolled in a course to access some details of other users	25 Apr 202515:31	–	github
NVD	CVE-2025-3640	25 Apr 202515:15	–	nvd
OpenVAS	Moodle Multiple Vulnerabilities (MSA-25-0013, MSA-25-0018, MSA-25-0019, MSA-25-0020, MSA-25-0021, MSA-25-0022, MSA-25-0023, MSA-25-0024, MSA-25-0025, MSA-25-0026, MSA-25-0027, MSA-25-0028)	24 Apr 202500:00	–	openvas
OSV	BIT-MOODLE-2025-3640 Moodle: idor in web service allows users enrolled in a course to access some details of other users	26 Jan 202614:49	–	osv

Source	Link
moodle	www.moodle.org/security/
access	www.access.redhat.com/security/cve/cve-2025-3640
repo	www.repo.red-soft.ru/redos/7.3c/x86_64/updates/
web	www.web.nvd.nist.gov/view/vuln/detail

21 May 2025 00:00Current

5.5Medium risk

Vulners AI Score5.5

CVSS 24

CVSS 34.3

EPSS0.00316

Moodle authentication bypass user controlled key privilege escalation unauthorized access protected information