CVE-2025-62401
BaseFortify
Publication date: 2025-10-23
Last updated on: 2025-11-14
Assigner: Fedora Project
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| moodle | moodle | From 4.1.0 (inc) to 4.1.21 (exc) |
| moodle | moodle | From 4.4.0 (inc) to 4.4.11 (exc) |
| moodle | moodle | From 4.5.0 (inc) to 4.5.7 (exc) |
| moodle | moodle | From 5.0.0 (inc) to 5.0.3 (exc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-285 | The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in Moodle's timed assignment feature allows students to bypass the time restrictions set for completing assessments. By exploiting specific behaviors or requests, students can gain more time than intended, potentially compromising the fairness and integrity of the assessment process. [1]
How can this vulnerability impact me?
The vulnerability can impact you by allowing students to unfairly extend the time they have to complete timed assignments, which compromises assessment fairness and integrity. This could lead to inaccurate evaluation of student performance and undermine trust in the educational process. [1]
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, immediately update Moodle to a fixed version. The issue is resolved in Moodle versions 5.0.3, 4.5.7, 4.4.11, and 4.1.21 or later. Applying these updates will prevent users from bypassing timed assignment restrictions. [1]