CVE-2025-26531

Published: Feb 24, 2025Modified: Aug 7, 2025

5.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Exploitability: 3.9 / Impact: 1.4

Source: NVD

Description

Insufficient capability checks made it possible to disable badges a user does not have permission to access.

Affected (4)

Products: Moodle: Moodle

1 product

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Moodle Moodle	From 4.1.0 to 4.1.16
Moodle Moodle	From 4.3.0 to 4.3.10
Moodle Moodle	From 4.4.0 to 4.4.6
Moodle Moodle	From 4.5.0 to 4.5.2

Related CWEs

Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

References (2)

http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-84239

Source: patrick@puiterwijk.org

Patch

https://moodle.org/mod/forum/discuss.php?d=466148

Source: patrick@puiterwijk.org

Vendor Advisory

Timeline

No history available yet.