CVE-2025-3637 Moodle: csrf token exposure via url in moodle mod_data module

🗓️ 25 Apr 2025 14:42:56Reported by fedoraType

CSRF token exposure in Moodle mod_data module via URL on edit and delete pages.

Reporter	Title	Published	Views	Family All 26
BDU FSTEC	The vulnerability of the mod_data module in the virtual training environment Moodle, which allows a intruder to gain unauthorized access to protected information	30 Apr 202500:00	–	bdu_fstec
Circl	CVE-2025-3637	25 Apr 202517:19	–	circl
CNNVD	Moodle 安全漏洞	22 Apr 202500:00	–	cnnvd
CNVD	Moodle Information Disclosure Vulnerability (CNVD-2025-09237)	7 May 202500:00	–	cnvd
CVE	CVE-2025-3637	25 Apr 202514:42	–	cve
EUVD	EUVD-2025-12524	3 Oct 202520:07	–	euvd
Github Security Blog	Moodle's mod_data edit/delete pages pass CSRF token in GET parameter	25 Apr 202515:31	–	github
NVD	CVE-2025-3637	25 Apr 202515:15	–	nvd
OpenVAS	Moodle Multiple Vulnerabilities (MSA-25-0013, MSA-25-0018, MSA-25-0019, MSA-25-0020, MSA-25-0021, MSA-25-0022, MSA-25-0023, MSA-25-0024, MSA-25-0025, MSA-25-0026, MSA-25-0027, MSA-25-0028)	24 Apr 202500:00	–	openvas
OSV	BIT-MOODLE-2025-3637 Moodle: csrf token exposure via url in moodle mod_data module	26 Jan 202614:49	–	osv

[
  {
    "versions": [
      {
        "status": "affected",
        "version": "4.5.0",
        "lessThan": "4.5.4",
        "versionType": "semver"
      },
      {
        "status": "affected",
        "version": "4.4.0",
        "lessThan": "4.4.8",
        "versionType": "semver"
      },
      {
        "status": "affected",
        "version": "4.3.0",
        "lessThan": "4.3.12",
        "versionType": "semver"
      },
      {
        "status": "affected",
        "version": "4.1.0",
        "lessThan": "4.1.18",
        "versionType": "semver"
      }
    ],
    "packageName": "moodle",
    "collectionURL": "https://git.moodle.org",
    "defaultStatus": "unaffected"
  }
]

Source	Link
access	www.access.redhat.com/security/cve/CVE-2025-3637
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
git	www.git.moodle.org/gw

25 Apr 2025 14:42Current

CVSS 3.13.1

EPSS0.00129

CWE-598