BIT-MOODLE-2025-62396 Moodle: router (r.php) could expose application directories

An error-handling issue in the Moodle router r.php could cause the application to display internal directory listings when specific HTTP headers were not properly configured...

Moodle's error handling leads to sensitive information disclosure

An error-handling issue in the Moodle router r.php could cause the application to display internal directory listings when specific HTTP headers were not properly configured...

GHSA-C5CJ-XP43-QCC3 Moodle's error handling leads to sensitive information disclosure

An error-handling issue in the Moodle router r.php could cause the application to display internal directory listings when specific HTTP headers were not properly configured...

CVE-2025-62396 Moodle: router (r.php) could expose application directories

An error-handling issue in the Moodle router r.php could cause the application to display internal directory listings when specific HTTP headers were not properly configured...

CVE-2025-62396

CVE-2025-62396 involves Moodle’s router (r.php) and an error-handling flaw that can cause the application to display internal directory listings when HTTP header configuration is incomplete. Affected software/component: Moodle/r.php router logic as described in multiple security feeds. Root cause...

Moodle 安全漏洞

Moodle is a free e-learning software platform open-sourced by Moodle, also known as a course management system, learning management system or virtual learning environment. A security vulnerability exists in Moodle that stems from improper error handling in r.php, which could lead to the display o...