Moodle: moodle: data exposure of user identifiers in urls

4.3 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Description

A flaw was found in moodle. During anonymous assignment submissions, user identifiers were inadvertently exposed in URLs. This data exposure allows unauthorized viewers to see internal user IDs, compromising the intended anonymity and potentially leading to information disclosure.

Basic Information

ID CVE-2025-67857

Source fedora

Published Feb 3, 2026 at 10:52

Affected Product

Version 5.1.0

Affected Versions 4.1.0
4.4.0
4.5.0
5.0.0
5.1.0

CWE Classification

CWE-201

References

{
    "lastseen": "",
    "description": "A flaw was found in moodle. During anonymous assignment submissions, user identifiers were inadvertently exposed in URLs. This data exposure allows unauthorized viewers to see internal user IDs, compromising the intended anonymity and potentially leading to information disclosure.",
    "published": "2026-02-03T10:52:22.459Z",
    "modified": "2026-02-03T10:52:22.459Z",
    "type": "cve",
    "title": "Moodle: moodle: data exposure of user identifiers in urls",
    "source": "fedora",
    "references": "https://access.redhat.com/security/cve/CVE-2025-67857\nhttps://bugzilla.redhat.com/show_bug.cgi?id=2423868\nhttps://moodle.org/mod/forum/discuss.php?d=471307",
    "id": "CVE-2025-67857",
    "bulletinFamily": "",
    "cwe": [
        "CWE-201"
    ],
    "cvelist": null,
    "sourceData": "  4.1.0\n  4.4.0\n  4.5.0\n  5.0.0\n  5.1.0",
    "sourceHref": "",
    "cvss": {
        "score": 4.3,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "",
    "version": "5.1.0",
    "vendor": "",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Moodle: moodle: data exposure of user identifiers in urls_CVE-2025-67857