A flaw was found in Moodle. A remote code execution risk was identified in the Moodle LMS EQUELLA repository. By default, this was only available to teachers and managers on sites with the EQUELLA repository enabled.

According to its self-reported version, the Moodle install hosted on the remote host is 4.1.x prior to 4.1.18 or 4.3.x prior to 4.3.12 or 4.4.x prior to 4.4.8 or 4.5.x prior to 4.5.4. It is, therefore, affected by multiple vulnerabilities :

- Additional checks were required to ensure users can only fetch cohort data they are intended to have access to.

- Insufficient capability checks in a messaging web service made it possible to view other users' names and online status.

- Additional checks were required to prevent users deleting course sections they did not have permission to modify.

- The return URL in the policy tool required extra sanitizing to prevent a reflected XSS risk.

- A remote code execution risk was identified in the Moodle LMS EQUELLA repository. By default this was only available to teachers and managers, on sites with the EQUELLA repository enabled.

- A remote code execution risk was identified in the Moodle LMS Dropbox repository. By default this was only available to teachers and managers, on sites with the Dropbox repository enabled.

- Insufficient capability checks made it possible for a user enrolled in a course to access some details (full name and profile image URL) of other users they did not have permission to access.

- The analysis request action in the Brickfield tool did not include the necessary token to prevent a CSRF risk.

- A user's CSRF token was unnecessarily included in the URL on the database module's edit and delete pages.

- Insufficient capability checks made it possible to view RSS feed content a user does not have permission to access.

- The user tours duplicate tour action did not include the necessary token to prevent a CSRF risk.

- On sites with Multi-Factor Authentication enabled, it was possible to use course self enrolment after passing only the first login factor (such as passing a username/password check). The user should also have to pass a second login factor before gaining access to self enrolment.

- Additional capability checks were required to prevent teachers from being able to identify a user's anonymous assignment submissions via the submissions search.

- On sites with Multi-Factor Authentication enabled, it was possible for a user to access some of their data after passing only the first login factor (such as passing a username/password check). The user should have to also pass a second factor check before gaining access to that data.

- A missing check in the Multi-Factor Authentication email factor's revoke/cancel action could lead to a Denial of Service risk for users logging in who have email as their only available second factor. If exploited, the impacted user's name was disclosed.

- Insufficient sanitizing in an undocumented MimeTeX command resulted in a remote code execution risk for sites using MimeTeX (via the TeX Notation filter).

Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-ccb1a36fcb advisory.

    Latest updates.



Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Fedora 41 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-edd8ed2afc advisory.

    Latest updates.


Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-b23cb4c239 advisory.

    Latest updates.


Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
114897	Moodle 4.5.x < 4.5.4 Multiple Vulnerabilities	Web App Scanning	Component Vulnerability	medium
114896	Moodle 4.4.x < 4.4.8 Multiple Vulnerabilities	Web App Scanning	Component Vulnerability	medium
114895	Moodle 4.3.x < 4.3.12 Multiple Vulnerabilities	Web App Scanning	Component Vulnerability	medium
114894	Moodle 4.1.x < 4.1.18 Multiple Vulnerabilities	Web App Scanning	Component Vulnerability	medium
237917	Fedora 42 : moodle (2025-ccb1a36fcb)	Nessus	Fedora Local Security Checks	medium
234730	Fedora 41 : moodle (2025-edd8ed2afc)	Nessus	Fedora Local Security Checks	medium
234726	Fedora 40 : moodle (2025-b23cb4c239)	Nessus	Fedora Local Security Checks	medium

Detections

Analytics

CVE-2025-3642

high

Tenable Plugins

medium

medium

medium

medium

medium

medium

medium