A flaw was found in Moodle. Insufficient capability checks in a messaging web service allowed users to view other users' names and online statuses.
Advisories
Source ID Title
EUVD EUVD EUVD-2025-12516 A flaw was found in Moodle. Insufficient capability checks in a messaging web service allowed users to view other users' names and online statuses.
Github GHSA Github GHSA GHSA-pj96-xh2w-fgqx Moodle has an IDOR in messaging web service which allows access to some user details
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Tue, 24 Jun 2025 16:45:00 +0000

Type Values Removed Values Added
First Time appeared Moodle
Moodle moodle
CPEs cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*
Vendors & Products Moodle
Moodle moodle

Fri, 25 Apr 2025 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 25 Apr 2025 15:00:00 +0000

Type Values Removed Values Added
Description A flaw was found in Moodle. Insufficient capability checks in a messaging web service allowed users to view other users' names and online statuses.
Title Moodle: idor in messaging web service allows access to some user details
Weaknesses CWE-863
References
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: fedora

Published:

Updated: 2025-04-28T16:28:39.820Z

Reserved: 2025-04-15T13:05:26.013Z

Link: CVE-2025-3645

cve-icon Vulnrichment

Updated: 2025-04-25T15:42:50.347Z

cve-icon NVD

Status : Analyzed

Published: 2025-04-25T15:15:38.410

Modified: 2025-06-24T15:59:22.560

Link: CVE-2025-3645

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2025-06-24T09:44:19Z