CVE-2025-26531

Insufficient capability checks made it possible to disable badges a user does not have permission to access.

CVSS v3.0 5.3 MEDIUM

5.3^/10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-84239	Patch
https://moodle.org/mod/forum/discuss.php?d=466148	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:moodle:moodle::::::::
	cpe:2.3:a:moodle:moodle::::::::
	cpe:2.3:a:moodle:moodle::::::::
	cpe:2.3:a:moodle:moodle::::::::

History

07 Aug 2025, 00:06

Type	Values Removed	Values Added
First Time		Moodle Moodle moodle
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.3
CPE		cpe:2.3:a:moodle:moodle::::::::
References	~~() https://moodle.org/mod/forum/discuss.php?d=466148 -~~	() https://moodle.org/mod/forum/discuss.php?d=466148 - Vendor Advisory
References	~~() http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-84239 -~~	() http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-84239 - Patch

24 Feb 2025, 20:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-02-24 20:15

Updated : 2025-08-07 00:06

NVD link : CVE-2025-26531

Mitre link : CVE-2025-26531

JSON object : View

Products Affected

moodle

moodle

CWE

No CWE.

5.3 /10