CVE-2025-32044

High CVSS: 7.5

A flaw has been identified in Moodle where, on certain sites, unauthenticated users could retrieve sensitive user data—including names, contact information, and hashed passwords—via stack traces returned by specific API calls. Sites with PHP configured with zend.exception_ignore_args = 1 in the php.ini file are not affected by this vulnerability.

Vendor

Moodle

Product

Moodle

CWE

CWE-200

Yayın Tarihi

2025-04-25 15:15:36

Güncelleme

2025-06-24 16:16:26

Source Identifier

patrick@puiterwijk.org

KEV Date Added

Kategoriler

CWE-200 Moodle HIGH Moodle 2025

Referanslar

https://access.redhat.com/security/cve/CVE-2025-32044 https://bugzilla.redhat.com/show_bug.cgi?id=2356829

Benzer Kayıtlar

High

CVE-2026-26046

A vulnerability was found in a Moodle TeX filter administrative setting where insufficient sanitization of configuration…

Medium

CVE-2026-26047

A denial-of-service vulnerability was identified in Moodle’s TeX formula editor. When rendering TeX content using mimete…

High

CVE-2026-26045

A flaw was identified in Moodle’s backup restore functionality where specially crafted backup files were not properly va…

Medium

CVE-2025-67857

A flaw was found in moodle. During anonymous assignment submissions, user identifiers were inadvertently exposed in URLs…

High

CVE-2025-67849

A flaw was found in Moodle. This cross-site scripting (XSS) vulnerability, caused by improper sanitization of AI prompt…

High

CVE-2025-67850

A flaw was found in moodle. This vulnerability, known as Cross-Site Scripting (XSS), occurs due to insufficient checks o…