CVE-2025-62393
MEDIUMmoodle 5.0.0-5.0.3 - Improper Access Control in Course Overview Output
Title source: llmDescription
A flaw was found in the course overview output function where user access permissions were not fully enforced. This could allow unauthorized users to view information about courses they should not have access to, potentially exposing limited course details.
References (3)
Core 3
Core References
Third Party Advisory vdb-entry
x_refsource_redhat
https://access.redhat.com/security/cve/CVE-2025-62393
Issue Tracking, Third Party Advisory issue-tracking
x_refsource_redhat
https://bugzilla.redhat.com/show_bug.cgi?id=2404426
Issue Tracking, Vendor Advisory
https://moodle.org/mod/forum/discuss.php?d=470381
Scores
CVSS v3
4.3
EPSS
0.0005
EPSS Percentile
16.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-284
Status
published
Products (2)
moodle/moodle
5.0.0 - 5.0.3
moodle/moodle
5.0.0-beta - 5.0.3Packagist
Published
Oct 23, 2025
Tracked Since
Feb 18, 2026