Home

Description

A flaw was found in Moodle. Additional checks were required to prevent users from deleting course sections they did not have permission to modify.

PUBLISHED Reserved 2025-04-15 | Published 2025-04-25 | Updated 2025-04-28 | Assigner fedora




MEDIUM: 4.3CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Problem types

Incorrect Authorization

Product status

Default status
unaffected

4.5.0 (semver) before 4.5.4
affected

4.4.0 (semver) before 4.4.8
affected

4.3.0 (semver) before 4.3.12
affected

4.1.0 (semver) before 4.1.18
affected

Timeline

2025-04-15:Reported to Red Hat.
2025-04-22:Made public.

Credits

Red Hat would like to thank James E. Calder for reporting this issue.

References

access.redhat.com/security/cve/CVE-2025-3644 vdb-entry

bugzilla.redhat.com/show_bug.cgi?id=2359745 (RHBZ#2359745) issue-tracking

moodle.org/mod/forum/discuss.php?d=467605

cve.org (CVE-2025-3644)

nvd.nist.gov (CVE-2025-3644)

Download JSON