CVE-2025-26525

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2025-26525
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-26525.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-26525
Aliases
Downstream
Published
2025-02-24T20:15:33.103Z
Modified
2026-04-10T05:23:34.522378Z
Severity
  • 8.6 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

Insufficient sanitizing in the TeX notation filter resulted in an arbitrary file read risk on sites where pdfTeX is available (such as those with TeX Live installed).

References

Affected packages

Git / github.com/moodle/moodle

Affected ranges

Type
GIT
Repo
https://github.com/moodle/moodle
Events
Introduced
0ea3d45e04c3d54a3a472ddcb11606b30e227c50
Fixed
4ab2ebfd5274abebc4b9b1527d13a5af70c6585d
Introduced
fe7aff8093240cc373f1ddaa66ecb91c4bc0a09f
Fixed
f4f9dd8eac286f1880738100afd71c585215f31f
Introduced
ee91c6536f99e1633e2245780c4fe7f47340ed66
Fixed
56a037e76606514584136e3c13e7ed4f53f34597
Introduced
52c0da7c647bd6ba8c5f61882d88959821a1fb41
Fixed
cd6600da14290f2ab097aba8ce9d107e21c21fff
Database specific 
{
    "versions": [
        {
            "introduced": "4.1.0"
        },
        {
            "fixed": "4.1.16"
        },
        {
            "introduced": "4.3.0"
        },
        {
            "fixed": "4.3.10"
        },
        {
            "introduced": "4.4.0"
        },
        {
            "fixed": "4.4.6"
        },
        {
            "introduced": "4.5.0"
        },
        {
            "fixed": "4.5.2"
        }
    ]
}

Affected versions

v4.*
v4.1.0
v4.1.1
v4.1.10
v4.1.11
v4.1.12
v4.1.13
v4.1.14
v4.1.15
v4.1.2
v4.1.3
v4.1.4
v4.1.5
v4.1.6
v4.1.7
v4.1.8
v4.1.9
v4.3.0
v4.3.1
v4.3.2
v4.3.3
v4.3.4
v4.3.5
v4.3.6
v4.3.7
v4.3.8
v4.3.9
v4.4.0
v4.4.1
v4.4.2
v4.4.3
v4.4.4
v4.4.5
v4.5.0
v4.5.1

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-26525.json"