Moodle’s mobile and web service authentication endpoints did not sufficiently restrict repeated password attempts, making them susceptible to brute-force attacks.
Metrics
Affected Vendors & Products
Advisories
No advisories yet.
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
Thu, 23 Oct 2025 15:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Thu, 23 Oct 2025 11:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Moodle’s mobile and web service authentication endpoints did not sufficiently restrict repeated password attempts, making them susceptible to brute-force attacks. | |
Title | Moodle: password brute force risk when mobile/web services enabled | |
Weaknesses | CWE-307 | |
References |
| |
Metrics |
cvssV3_1
|

Status: PUBLISHED
Assigner: fedora
Published:
Updated: 2025-10-23T14:52:02.496Z
Reserved: 2025-10-13T10:12:30.925Z
Link: CVE-2025-62399

Updated: 2025-10-23T14:51:51.308Z

Status : Received
Published: 2025-10-23T12:15:32.573
Modified: 2025-10-23T12:15:32.573
Link: CVE-2025-62399

No data.

No data.