CVE-2025-62401
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-10-23

Last updated on: 2025-11-14

Assigner: Fedora Project

Description
An issue in Moodle’s timed assignment feature allowed students to bypass the time restriction, potentially giving them more time than allowed to complete an assessment.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-10-23
Last Modified
2025-11-14
Generated
2026-06-16
AI Q&A
2025-10-23
EPSS Evaluated
2026-06-15
NVD
CVE-2025-62401
Affected Vendors & Products
Showing 4 associated CPEs
Vendor Product Version / Range
moodle moodle From 4.1.0 (inc) to 4.1.21 (exc)
moodle moodle From 4.4.0 (inc) to 4.4.11 (exc)
moodle moodle From 4.5.0 (inc) to 4.5.7 (exc)
moodle moodle From 5.0.0 (inc) to 5.0.3 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-285 The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability in Moodle's timed assignment feature allows students to bypass the time restrictions set for completing assessments. By exploiting specific behaviors or requests, students can gain more time than intended, potentially compromising the fairness and integrity of the assessment process. [1]

Impact Analysis

The vulnerability can impact you by allowing students to unfairly extend the time they have to complete timed assignments, which compromises assessment fairness and integrity. This could lead to inaccurate evaluation of student performance and undermine trust in the educational process. [1]

Mitigation Strategies

To mitigate this vulnerability, immediately update Moodle to a fixed version. The issue is resolved in Moodle versions 5.0.3, 4.5.7, 4.4.11, and 4.1.21 or later. Applying these updates will prevent users from bypassing timed assignment restrictions. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-62401. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart