CVE-2025-26532

Published: Feb 24, 2025Modified: Aug 6, 2025

4.3

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Exploitability: 2.8 / Impact: 1.4

Source: NVD

Description

Additional checks were required to ensure trusttext is applied (when enabled) to glossary entries being restored.

Affected (4)

Products: Moodle: Moodle

1 product

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Moodle Moodle	From 4.1.0 to 4.1.16
Moodle Moodle	From 4.3.0 to 4.3.10
Moodle Moodle	From 4.4.0 to 4.4.6
Moodle Moodle	From 4.5.0 to 4.5.2

Related CWEs

Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

References (2)

http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-84003

Source: patrick@puiterwijk.org

Patch

https://moodle.org/mod/forum/discuss.php?d=466149

Source: patrick@puiterwijk.org

Vendor Advisory

Timeline

No history available yet.