{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2025-3625","assignerOrgId":"92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5","state":"PUBLISHED","assignerShortName":"fedora","dateReserved":"2025-04-15T06:45:25.748Z","datePublished":"2025-04-25T14:42:39.887Z","dateUpdated":"2025-04-25T16:01:25.670Z"},"containers":{"cna":{"title":"Moodle: user dos and name disclosure via idor in moodle mfa email factor revoke action","metrics":[{"other":{"content":{"value":"Moderate","namespace":"https://access.redhat.com/security/updates/classification/"},"type":"Red Hat severity rating"}},{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":7.1,"baseSeverity":"HIGH","confidentialityImpact":"LOW","integrityImpact":"NONE","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H","version":"3.1"},"format":"CVSS"}],"descriptions":[{"lang":"en","value":"A security vulnerability was discovered in Moodle that can allow hackers to gain access to sensitive information about students and prevent them from logging into their accounts, even after they had completed two-factor authentication (2FA)."}],"affected":[{"versions":[{"status":"affected","version":"4.5.0","lessThan":"4.5.4","versionType":"semver"},{"status":"affected","version":"4.4.0","lessThan":"4.4.8","versionType":"semver"},{"status":"affected","version":"4.3.0","lessThan":"4.3.12","versionType":"semver"}],"packageName":"moodle","collectionURL":"https://git.moodle.org","defaultStatus":"unaffected"}],"references":[{"url":"https://access.redhat.com/security/cve/CVE-2025-3625","tags":["vdb-entry","x_refsource_REDHAT"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2359690","name":"RHBZ#2359690","tags":["issue-tracking","x_refsource_REDHAT"]}],"datePublic":"2025-04-22T12:00:00.000Z","problemTypes":[{"descriptions":[{"cweId":"CWE-639","description":"Authorization Bypass Through User-Controlled Key","lang":"en","type":"CWE"}]}],"x_redhatCweChain":"CWE-639: Authorization Bypass Through User-Controlled Key","timeline":[{"lang":"en","time":"2025-04-15T06:38:04.957Z","value":"Reported to Red Hat."},{"lang":"en","time":"2025-04-22T12:00:00.000Z","value":"Made public."}],"credits":[{"lang":"en","value":"Red Hat would like to thank vi22 for reporting this issue."}],"providerMetadata":{"orgId":"92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5","shortName":"fedora","dateUpdated":"2025-04-25T14:42:39.887Z"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-04-25T15:43:21.330868Z","id":"CVE-2025-3625","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-04-25T16:01:25.670Z"}}]}}