CVE-2025-26532

Source
https://cve.org/CVERecord?id=CVE-2025-26532
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-26532.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-26532
Aliases
Downstream
Published
2025-02-24T20:05:21.153Z
Modified
2026-07-08T06:38:34.745593216Z
Severity
  • 3.1 (Low) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N CVSS Calculator
Summary
Teachers can evade trusttext config when restoring glossary entries
Details

Additional checks were required to ensure trusttext is applied (when enabled) to glossary entries being restored.

Database specific
{
    "unresolved_ranges": [
        {
            "source": "AFFECTED_FIELD",
            "extracted_events": [
                {
                    "introduced": "4.5.0"
                },
                {
                    "fixed": "4.5.2"
                },
                {
                    "introduced": "4.4.0"
                },
                {
                    "fixed": "4.4.6"
                },
                {
                    "introduced": "4.3.0"
                },
                {
                    "fixed": "4.3.10"
                },
                {
                    "introduced": "4.1.0"
                },
                {
                    "fixed": "4.1.16"
                }
            ]
        }
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/26xxx/CVE-2025-26532.json",
    "cna_assigner": "fedora",
    "cwe_ids": [
        "CWE-863"
    ]
}
References

Affected packages

Git / github.com/moodle/moodle

Affected ranges

Type
GIT
Repo
https://github.com/moodle/moodle
Events
Database specific
{
    "source": "CPE_RANGE",
    "cpe": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "4.1.0"
        },
        {
            "fixed": "4.1.16"
        },
        {
            "introduced": "4.3.0"
        },
        {
            "fixed": "4.3.10"
        },
        {
            "introduced": "4.4.0"
        },
        {
            "fixed": "4.4.6"
        },
        {
            "introduced": "4.5.0"
        },
        {
            "fixed": "4.5.2"
        }
    ]
}

Affected versions

v4.*
v4.1.0
v4.1.1
v4.1.10
v4.1.11
v4.1.12
v4.1.13
v4.1.14
v4.1.15
v4.1.2
v4.1.3
v4.1.4
v4.1.5
v4.1.6
v4.1.7
v4.1.8
v4.1.9
v4.3.0
v4.3.1
v4.3.2
v4.3.3
v4.3.4
v4.3.5
v4.3.6
v4.3.7
v4.3.8
v4.3.9
v4.4.0
v4.4.1
v4.4.2
v4.4.3
v4.4.4
v4.4.5
v4.5.0
v4.5.1

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-26532.json"