Can you explain this vulnerability to me?

CVE-2025-62396 is a medium severity vulnerability in Moodle's router script (r.php) caused by improper error handling. When HTTP requests do not include the 'Accept: text/html' header, the router may mistakenly display internal directory listings. This exposes the application's directory structure and potentially sensitive environment information to unauthorized users. [1]

Useful 0 Not Useful 0

How can this vulnerability impact me? :

This vulnerability can expose internal directory listings of the Moodle application to unauthorized users, potentially revealing sensitive information about the application's environment. Such exposure can aid attackers in further exploiting the system or understanding its structure, increasing the risk of targeted attacks. [1]

Useful 0 Not Useful 0

How can this vulnerability be detected on my network or system? Can you suggest some commands?

You can detect this vulnerability by sending HTTP requests to the Moodle router script (r.php) without the 'Accept: text/html' header and checking if the server returns directory listings. For example, use curl to test this behavior: curl -v -H "Accept:" http://your-moodle-site/path/to/r.php and observe if directory listings are returned instead of normal content. [1]

Useful 0 Not Useful 0

What immediate steps should I take to mitigate this vulnerability?

The immediate mitigation is to upgrade Moodle to versions 4.5.7 or later, or 5.0.3 or later, where this vulnerability has been fixed. Until then, ensure that HTTP requests to r.php include proper 'Accept: text/html' headers or implement web server rules to block requests missing this header to prevent directory listings from being exposed. [1]

Useful 0 Not Useful 0