A flaw was found in Moodle. A remote code execution risk was identified in the Moodle LMS EQUELLA repository. By default, this was only available to teachers and managers on sites with the EQUELLA repository enabled.
References
Link | Resource |
---|---|
https://access.redhat.com/security/cve/CVE-2025-3642 | Third Party Advisory |
https://bugzilla.redhat.com/show_bug.cgi?id=2359738 | Issue Tracking |
https://moodle.org/mod/forum/discuss.php?d=467603 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
24 Jun 2025, 16:09
Type | Values Removed | Values Added |
---|---|---|
References | () https://access.redhat.com/security/cve/CVE-2025-3642 - Third Party Advisory | |
References | () https://bugzilla.redhat.com/show_bug.cgi?id=2359738 - Issue Tracking | |
References | () https://moodle.org/mod/forum/discuss.php?d=467603 - Vendor Advisory | |
First Time |
Moodle moodle
Moodle |
|
CPE | cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:* |
29 Apr 2025, 13:52
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
25 Apr 2025, 15:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2025-04-25 15:15
Updated : 2025-06-24 16:09
NVD link : CVE-2025-3642
Mitre link : CVE-2025-3642
CVE.ORG link : CVE-2025-3642
JSON object : View
Products Affected
moodle
- moodle
CWE
CWE-94
Improper Control of Generation of Code ('Code Injection')