BIT-MOODLE-2025-3635 Moodle: csrf risk in moodle user tours manager allows tour duplication

A security vulnerability was discovered in Moodle that allows anyone to duplicate existing tours without needing to log in due to a lack of protection against cross-site request forgery CSRF attacks...

EUVD-2025-12526

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2025-3635

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A security vulnerability was discovered in Moodle that allows anyone to duplicate existing tours without needing to log in due to a lack of protection against...

Cross-Site Request Forgery (CSRF)

moodle/moodle is vulnerable to cross-site request forgery CSRF. The vulnerability is due to missing validation checks in the tour duplication feature, allowing unauthorized users to duplicate existing tours without logging in...

Moodle has a CSRF risk in user tours manager that allows tour duplication

A security vulnerability was discovered in Moodle that allows anyone to duplicate existing tours without needing to log in due to a lack of protection against cross-site request forgery CSRF attacks...

GHSA-88XJ-97GF-7WPQ Moodle has a CSRF risk in user tours manager that allows tour duplication

A security vulnerability was discovered in Moodle that allows anyone to duplicate existing tours without needing to log in due to a lack of protection against cross-site request forgery CSRF attacks...

CVE-2025-3635

A security vulnerability was discovered in Moodle that allows anyone to duplicate existing tours without needing to log in due to a lack of protection against cross-site request forgery CSRF attacks...

CVE-2025-3635

A security vulnerability was discovered in Moodle that allows anyone to duplicate existing tours without needing to log in due to a lack of protection against cross-site request forgery CSRF attacks...

CVE-2025-3635

Moodle vulnerability CVE-2025-3635 is a CSRF risk in the user tours manager that lets unauthenticated users duplicate existing tours due to lack of CSRF protection. The issue is documented across multiple sources (CVE-2025-3635 entries and related OSV/GHSA advisories) and is specifically describe...

CVE-2025-3635 Moodle: csrf risk in moodle user tours manager allows tour duplication

A security vulnerability was discovered in Moodle that allows anyone to duplicate existing tours without needing to log in due to a lack of protection against cross-site request forgery CSRF attacks...