CVE-2025-62393

MEDIUM

Moodle < 5.0.3 - Improper Access Control

Title source: rule

Description

A flaw was found in the course overview output function where user access permissions were not fully enforced. This could allow unauthorized users to view information about courses they should not have access to, potentially exposing limited course details.

References (3)

[Third Party Advisory] https://access.redhat.com/security/cve/CVE-2025-62393

[Issue Tracking, Third Party Advisory] https://bugzilla.redhat.com/show_bug.cgi?id=2404426

[Issue Tracking, Vendor Advisory] https://moodle.org/mod/forum/discuss.php?d=470381

Scores

CVSS v3 4.3

EPSS 0.0004

EPSS Percentile 13.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Classification

CWE

CWE-284

Status published

Affected Products (2)

moodle/moodle < 5.0.3

moodle/moodle < 5.0.3Packagist

Timeline

Published Oct 23, 2025

Tracked Since Feb 18, 2026