CVE-2025-62400

MEDIUM

Moodle 4.1.0-4.1.20 and 5.0.0-beta-5.0.2 - Unauthorized Exposure of Hidden Group Names via Calendar Event Creation

Title source: llm
STIX 2.1

Description

Moodle exposed the names of hidden groups to users who had permission to create calendar events but not to view hidden groups. This could reveal private or restricted group information.

References (2)

Core 2
Core References
Third Party Advisory vdb-entry x_refsource_redhat
https://access.redhat.com/security/cve/CVE-2025-62400
Issue Tracking, Third Party Advisory issue-tracking x_refsource_redhat
https://bugzilla.redhat.com/show_bug.cgi?id=2404433

Scores

CVSS v3 4.3
EPSS 0.0006
EPSS Percentile 19.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-200
Status published
Products (2)
moodle/moodle 4.1.0 - 4.1.21
moodle/moodle 5.0.0-beta - 5.0.3Packagist
Published Oct 23, 2025
Tracked Since Feb 18, 2026