CVE-2025-32044

Source
https://nvd.nist.gov/vuln/detail/CVE-2025-32044
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-32044.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-32044
Aliases
Related
Published
2025-04-25T15:15:36Z
Modified
2025-06-27T11:04:59.986293Z
Summary
[none]
Details

A flaw has been identified in Moodle where, on certain sites, unauthenticated users could retrieve sensitive user data—including names, contact information, and hashed passwords—via stack traces returned by specific API calls. Sites with PHP configured with zend.exceptionignoreargs = 1 in the php.ini file are not affected by this vulnerability.

References

Affected packages

Git / github.com/moodle/moodle

Affected ranges

Type
GIT
Repo
https://github.com/moodle/moodle
Events

Affected versions

v4.*

v4.5.0
v4.5.1
v4.5.2