Moodle: hidden group names visible to event creators_CVE-2025-62400

4.3 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Description

Moodle exposed the names of hidden groups to users who had permission to create calendar events but not to view hidden groups. This could reveal private or restricted group information.

Basic Information

ID CVE-2025-62400

Source fedora

Published Oct 23, 2025 at 11:28

Affected Product

Version 4.1.0

Affected Versions 5.0.0
4.5.0
4.4.0
4.1.0

CWE Classification

CWE-200

References

{
    "lastseen": "",
    "description": "Moodle exposed the names of hidden groups to users who had permission to create calendar events but not to view hidden groups. This could reveal private or restricted group information.",
    "published": "2025-10-23T11:28:43.890Z",
    "modified": "2025-10-23T11:28:43.890Z",
    "type": "cve",
    "title": "Moodle: hidden group names visible to event creators",
    "source": "fedora",
    "references": "https://access.redhat.com/security/cve/CVE-2025-62400\nhttps://bugzilla.redhat.com/show_bug.cgi?id=2404433",
    "id": "CVE-2025-62400",
    "bulletinFamily": "",
    "cwe": [
        "CWE-200"
    ],
    "cvelist": null,
    "sourceData": "  5.0.0\n  4.5.0\n  4.4.0\n  4.1.0",
    "sourceHref": "",
    "cvss": {
        "score": 4.3,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "",
    "version": "4.1.0",
    "vendor": "",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}