CVE-2025-62393
BaseFortify
Publication date: 2025-10-23
Last updated on: 2025-11-14
Assigner: Fedora Project
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| moodle | moodle | From 5.0.0 (inc) to 5.0.3 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-284 | The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a flaw in Moodle's course overview output function where user access permissions are not fully enforced. It allows authenticated users to view metadata or limited details about courses they are not authorized to access, exposing restricted course information. [1]
How can this vulnerability impact me? :
The vulnerability can impact you by allowing unauthorized users with valid Moodle accounts to access limited information about courses they should not see. This exposure of restricted course details could lead to information leakage and potential misuse of course metadata. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection involves verifying if your Moodle installation is version 5.0 through 5.0.2, which are vulnerable. Since exploitation requires an authenticated user, monitoring logs for unusual access patterns to course overview metadata by users without proper permissions may help. There are no specific commands provided for detection in the resources. [1]
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to upgrade Moodle to version 5.0.3 or later, where the vulnerability has been fixed. Additionally, review user permissions to ensure proper access controls are enforced until the upgrade is applied. [1]