vulnerability
Moodle: Unspecified Security Vulnerability (CVE-2024-25980)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:N/AC:L/Au:S/C:P/I:N/A:N) | Feb 19, 2024 | Jan 27, 2025 | Aug 1, 2025 |
Severity
4
CVSS
(AV:N/AC:L/Au:S/C:P/I:N/A:N)
Published
Feb 19, 2024
Added
Jan 27, 2025
Modified
Aug 1, 2025
Description
Separate Groups mode restrictions were not honored in the H5P attempts report, which would display users from other groups. By default this only provided additional access to non-editing teachers.
Solutions
moodle-upgrade-4_1_9moodle-upgrade-4_2_6moodle-upgrade-4_3_3
References
- CVE-2024-25980
- https://attackerkb.com/topics/CVE-2024-25980
- URL-http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-80501
- URL-https://bugzilla.redhat.com/show_bug.cgi?id=2264096
- URL-https://lists.fedoraproject.org/archives/list/[email protected]/message/KXGBYJ43BUEBUAQZU3DT5I5A3YLF47CB/
- URL-https://moodle.org/mod/forum/discuss.php?d=455636
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.