CVE-2025-3625 Moodle: user dos and name disclosure via idor in moodle mfa email factor revoke action

🗓️ 25 Apr 2025 14:42:39Reported by fedoraType

Security flaw in Moodle permits unauthorized access to user data and disrupts two-factor authentication.

Reporter	Title	Published	Views	Family All 23
BDU FSTEC	The vulnerability of the Multi-Factor Authentication component in the virtual learning environment Moodle, which allows a perpetrator to trigger a service failure.	30 Apr 202500:00	–	bdu_fstec
Circl	CVE-2025-3625	25 Apr 202516:07	–	circl
CNNVD	Moodle 安全漏洞	22 Apr 202500:00	–	cnnvd
CNVD	Moodle Information Disclosure Vulnerability (CNVD-2025-10585)	7 May 202500:00	–	cnvd
CVE	CVE-2025-3625	25 Apr 202514:42	–	cve
EUVD	EUVD-2025-12536	3 Oct 202520:07	–	euvd
NVD	CVE-2025-3625	25 Apr 202515:15	–	nvd
OpenVAS	Moodle Multiple Vulnerabilities (MSA-25-0014, MSA-25-0015, MSA-25-0017)	24 Apr 202500:00	–	openvas
OSV	BIT-MOODLE-2025-3625 Moodle: user dos and name disclosure via idor in moodle mfa email factor revoke action	26 Jan 202614:49	–	osv
OSV	CVE-2025-3625	25 Apr 202515:15	–	osv

[
  {
    "versions": [
      {
        "status": "affected",
        "version": "4.5.0",
        "lessThan": "4.5.4",
        "versionType": "semver"
      },
      {
        "status": "affected",
        "version": "4.4.0",
        "lessThan": "4.4.8",
        "versionType": "semver"
      },
      {
        "status": "affected",
        "version": "4.3.0",
        "lessThan": "4.3.12",
        "versionType": "semver"
      }
    ],
    "packageName": "moodle",
    "collectionURL": "https://git.moodle.org",
    "defaultStatus": "unaffected"
  }
]

Source	Link
access	www.access.redhat.com/security/cve/CVE-2025-3625
bugzilla	www.bugzilla.redhat.com/show_bug.cgi

25 Apr 2025 14:42Current

CVSS 3.17.1

EPSS0.00099

CWE-639