CVE-2025-3636

EUVD-2025-12525
A flaw was found in Moodle. This vulnerability allows unauthorized users to access and view RSS feeds due to insufficient capability checks.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
moodlemoodle
𝑥
< 4.1.18
moodlemoodle
4.3.0 ≤
𝑥
< 4.3.12
moodlemoodle
4.4.0 ≤
𝑥
< 4.4.8
moodlemoodle
4.5.0 ≤
𝑥
< 4.5.4
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-84499
https://access.redhat.com/security/cve/CVE-2025-3636
https://bugzilla.redhat.com/show_bug.cgi?id=2359726