Impact
The vulnerability resides in Moodle’s TeX formula editor. When a user renders TeX content through the mimetex engine, the server‑side rendering process runs without strict execution time limits. An attacker can supply specially crafted formulas whose rendering consumes an excessive amount of CPU and memory, ultimately exhausting server resources and halting normal operation. This flaw permits a logged‑in user to degrade performance or to trigger a service outage, effectively achieving a denial‑of‑service condition. The weakness reflects uncontrolled resource consumption (CWE‑400) and allocation of resources without limits or throttling (CWE‑770).
Affected Systems
The affected product is Moodle, as indicated by the CPE string and the vendor/product naming. The description does not specify particular release numbers, so all publicly available Moodle versions that include the TeX formula editor are potentially impacted. Administrators should verify which Moodle release they run and compare it against the vendor’s security advisories for patches.
Risk and Exploitability
The CVSS score of 6.5 denotes a moderate‑severity vulnerability. The EPSS score of less than 1% indicates that exploitation is currently considered unlikely, yet the vulnerability is reachable by any authenticated user. An attacker would need an active session with permission to submit content to the TeX editor and would craft a formula designed to flood CPU or memory. No proof‑of‑concept code is publicly available, and the issue has not been listed in CISA’s KEV catalog, suggesting no widespread, actively exploited weaponization to date. Nevertheless, administrators should treat this as a risk to service continuity.
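The Impact section attributes the outage to a renderer that runs without strict execution limits. The wrapper below is an added example, not Moodle's or mimetex's own code, showing how an administrator can bound an external renderer with a wall‑clock watchdog plus CPU‑time and memory limits so that a pathological formula fails fast instead of exhausting the server. The function names `run_limited` and `classify_exit`, the limit values, and the `sleep`/`true` stand‑ins for slow and fast formulas are all constructed for this illustration; the real renderer path is a placeholder.

```shell
#!/bin/sh
# Added example (not Moodle or mimetex code): run an external TeX renderer
# under hard wall-clock, CPU-time and memory limits. Only POSIX shell
# features and ulimit are used; the renderer path below is a placeholder.

# run_limited WALL_SECONDS CPU_SECONDS MEM_KIB COMMAND [ARGS...]
# Returns the command's exit status, 143 (128+SIGTERM) when the watchdog had
# to kill it for exceeding the wall-clock budget, or 152 (128+SIGXCPU) when
# the kernel enforced the CPU-time limit.
run_limited() {
  wall=$1; cpu=$2; mem=$3
  shift 3

  # Apply per-process limits in a subshell, then exec the renderer so the
  # limits bind the renderer itself rather than the wrapper.
  (
    ulimit -t "$cpu" 2>/dev/null   # CPU seconds; kernel sends SIGXCPU when exceeded
    ulimit -v "$mem" 2>/dev/null   # virtual memory in KiB (silently ignored where unsupported)
    exec "$@"
  ) &
  cmd_pid=$!

  # Independent wall-clock watchdog: a renderer stuck without burning CPU
  # would never trip the -t limit, so terminate it after WALL_SECONDS.
  ( sleep "$wall"; kill -TERM "$cmd_pid" 2>/dev/null ) >/dev/null 2>&1 &
  watchdog_pid=$!

  status=0
  wait "$cmd_pid" || status=$?

  # Renderer finished or was killed: disarm and reap the watchdog.
  kill "$watchdog_pid" 2>/dev/null || true
  wait "$watchdog_pid" 2>/dev/null || true
  return "$status"
}

# classify_exit STATUS -> ok | timeout | cpu_limit | error
classify_exit() {
  case "$1" in
    0)   echo ok ;;
    143) echo timeout ;;    # 128 + SIGTERM from the watchdog
    152) echo cpu_limit ;;  # 128 + SIGXCPU from ulimit -t
    *)   echo error ;;
  esac
}

# Demonstration with constructed stand-ins for the renderer: 'true' models a
# well-behaved formula, 'sleep 30' models one that would run indefinitely.
# A real deployment would call e.g.:
#   run_limited 5 3 262144 /path/to/mimetex -e "$outfile" "$formula"   # placeholder path
fast=0; run_limited 1 5 262144 true     || fast=$?
slow=0; run_limited 1 5 262144 sleep 30 || slow=$?
echo "fast stand-in: $(classify_exit "$fast"); slow stand-in: $(classify_exit "$slow")"
```

The wrapper bounds a single invocation; it complements, rather than replaces, application‑level controls such as limiting formula length or rate‑limiting renders per user, and the caller should surface `timeout` or `cpu_limit` as a rendering error so a single bad formula never holds a worker process.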
OpenCVE Enrichment
Github GHSA