Moodle's error handling leads to sensitive information disclosure

An error-handling issue in the Moodle router r.php could cause the application to display internal directory listings when specific HTTP headers were not properly configured...

GHSA-C5CJ-XP43-QCC3 Moodle's error handling leads to sensitive information disclosure

An error-handling issue in the Moodle router r.php could cause the application to display internal directory listings when specific HTTP headers were not properly configured...

CVE-2025-62396

CVE-2025-62396 involves Moodle’s router (r.php) and an error-handling flaw that can cause the application to display internal directory listings when HTTP header configuration is incomplete. Affected software/component: Moodle/r.php router logic as described in multiple security feeds. Root cause...