CVE-2025-32044

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-32044

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-32044.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-32044

Aliases

GHSA-345q-9jmq-g9q4

Downstream

UBUNTU-CVE-2025-32044

Published

2025-04-25T15:15:36Z

Modified

2025-07-29T11:22:15.452219Z

Summary

[none]

Details

A flaw has been identified in Moodle where, on certain sites, unauthenticated users could retrieve sensitive user data—including names, contact information, and hashed passwords—via stack traces returned by specific API calls. Sites with PHP configured with zend.exceptionignoreargs = 1 in the php.ini file are not affected by this vulnerability.

References

Affected packages

Git / github.com/moodle/moodle

Affected ranges

Type: GIT
Repo: https://github.com/moodle/moodle
Events: Introduced

52c0da7c647bd6ba8c5f61882d88959821a1fb41

Fixed

b3931cdb959b928eefa72cd5638c3a89d221828f

Affected versions

v4.*

v4.5.0

v4.5.1

v4.5.2