3 matches found
CVE-2025-3640
A flaw was found in Moodle. Insufficient capability checks made it possible for a user enrolled in a course to access some details, such as the full name and profile image URL, of other users they did not have permission to access...
CVE-2025-3640 Moodle: idor in web service allows users enrolled in a course to access some details of other users
A flaw was found in Moodle. Insufficient capability checks made it possible for a user enrolled in a course to access some details, such as the full name and profile image URL, of other users they did not have permission to access...
CVE-2025-3640
CVE-2025-3640 describes an IDOR in Moodle’s web service: users enrolled in a course can access other users’ details (e.g., full name and profile image URL) due to insufficient capability checks. The connected documents (BIT-MOODLE-2025-3640, OSV:GHSA-6G5X-H5X7-Q4MQ, OSV/CIRCL sightings, CNVD) con...