CVE-2025-62397
MEDIUMMoodle < 5.0.3 - Error Information Exposure
Title source: ruleDescription
The router’s inconsistent response to invalid course IDs allowed attackers to infer which course IDs exist, potentially aiding reconnaissance.
Scores
CVSS v3
5.3
EPSS
0.0005
EPSS Percentile
15.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Classification
CWE
CWE-209
Status
published
Affected Products (1)
moodle/moodle
< 5.0.3
Timeline
Published
Oct 23, 2025
Tracked Since
Feb 18, 2026