CVE-2025-34031

CVE-2025-34031 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 1 public exploit from researchers including Dionach Ltd. A Nuclei detection template is also available.

AI-analyzed exploit summary The exploit demonstrates directory traversal, SSRF, and XSS vulnerabilities in the Moodle filter_jmol plugin due to unvalidated user input in the PHP proxy script. It also includes a proof of concept for malware distribution via base64-encoded payloads.

A path traversal vulnerability exists in the Moodle LMS Jmol plugin version 6.1 and prior via the query parameter in jsmol.php. The script directly passes user input to the file_get_contents() function without proper validation, allowing attackers to read arbitrary files from the server's filesystem by crafting a malicious query value. This vulnerability can be exploited without authentication and may expose sensitive configuration data, including database credentials. Exploitation evidence was observed by the Shadowserver Foundation on 2025-02-02 UTC.