CVE-2025-32044

A flaw has been identified in Moodle where, on certain sites, unauthenticated users could retrieve sensitive user dataincluding names, contact information, and hashed passwordsvia stack traces returned by specific API calls. Sites with PHP configured with zend.exception_ignore_args = 1 in the php.ini file are not affected by this vulnerability.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
fedoraCNA
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CISA-ADPADP
---
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 25%
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
moodle
plucky
dne
oracular
dne
noble
dne
jammy
dne
focal
dne
bionic
needs-triage
xenial
needs-triage
Common Weakness Enumeration
References
https://access.redhat.com/security/cve/CVE-2025-32044
https://bugzilla.redhat.com/show_bug.cgi?id=2356829