CVE-2025-3644

A flaw was found in Moodle. Additional checks were required to prevent users from deleting course sections they did not have permission to modify.

CVSS v3 4.3 MEDIUM

4.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://access.redhat.com/security/cve/CVE-2025-3644	Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2359745	Issue Tracking
https://moodle.org/mod/forum/discuss.php?d=467605	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:moodle:moodle::::::::
	cpe:2.3:a:moodle:moodle::::::::
	cpe:2.3:a:moodle:moodle::::::::
	cpe:2.3:a:moodle:moodle::::::::

History

24 Jun 2025, 15:59

Type	Values Removed	Values Added
Summary		(es) Se detectó una falla en Moodle. Se requirieron comprobaciones adicionales para evitar que los usuarios eliminaran secciones del curso que no tenían permiso para modificar.
References	~~() https://access.redhat.com/security/cve/CVE-2025-3644 -~~	() https://access.redhat.com/security/cve/CVE-2025-3644 - Third Party Advisory
References	~~() https://bugzilla.redhat.com/show_bug.cgi?id=2359745 -~~	() https://bugzilla.redhat.com/show_bug.cgi?id=2359745 - Issue Tracking
References	~~() https://moodle.org/mod/forum/discuss.php?d=467605 -~~	() https://moodle.org/mod/forum/discuss.php?d=467605 - Vendor Advisory
First Time		Moodle Moodle moodle
CPE		cpe:2.3:a:moodle:moodle::::::::

25 Apr 2025, 15:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-04-25 15:15

Updated : 2025-06-24 15:59

NVD link : CVE-2025-3644

Mitre link : CVE-2025-3644

CVE.ORG link : CVE-2025-3644

JSON object : View

Products Affected

moodle

moodle

CWE

CWE-863

Incorrect Authorization

{"id": "CVE-2025-3644", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "patrick@puiterwijk.org", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2025-04-25T15:15:38.280", "references": [{"url": "https://access.redhat.com/security/cve/CVE-2025-3644", "tags": ["Third Party Advisory"], "source": "patrick@puiterwijk.org"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359745", "tags": ["Issue Tracking"], "source": "patrick@puiterwijk.org"}, {"url": "https://moodle.org/mod/forum/discuss.php?d=467605", "tags": ["Vendor Advisory"], "source": "patrick@puiterwijk.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "patrick@puiterwijk.org", "description": [{"lang": "en", "value": "CWE-863"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in Moodle. Additional checks were required to prevent users from deleting course sections they did not have permission to modify."}, {"lang": "es", "value": "Se detect\u00f3 una falla en Moodle. Se requirieron comprobaciones adicionales para evitar que los usuarios eliminaran secciones del curso que no ten\u00edan permiso para modificar."}], "lastModified": "2025-06-24T15:59:15.037", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "245F0D61-A209-4129-AEA5-C8E1600F5202", "versionEndExcluding": "4.1.18"}, {"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BF438B80-5736-46ED-897E-726B563F8E0A", "versionEndExcluding": "4.3.12", "versionStartIncluding": "4.3.0"}, {"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E758F51B-ADBF-406E-92A8-98090BE83C2B", "versionEndExcluding": "4.4.8", "versionStartIncluding": "4.4.0"}, {"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F12B5C6F-A83C-488C-9C26-3C9A61F93618", "versionEndExcluding": "4.5.4", "versionStartIncluding": "4.5.0"}], "operator": "OR"}]}], "sourceIdentifier": "patrick@puiterwijk.org"}