CVE-2025-3637

Moodle: csrf token exposure via url in moodle mod_data module

CVSS 3.1 LOWEPSS 0.3%CWE-598

A security vulnerability was found in Moodle where confidential information that prevents cross-site request forgery (CSRF) attacks was shared publicly through the site's URL. This vulnerability occurred specifically on two types of pages within the mod_data module: edit and delete pages.

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

Productos afectados

moodle

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-65356 https://access.redhat.com/security/cve/CVE-2025-3637 https://bugzilla.redhat.com/show_bug.cgi?id=2359727