CVE-2025-3640

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-3640

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-3640.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-3640

Aliases

Downstream

UBUNTU-CVE-2025-3640

Published

2025-04-25T15:15:37.757Z

Modified

2026-04-10T05:25:44.081097Z

Severity

4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Summary

[none]

Details

A flaw was found in Moodle. Insufficient capability checks made it possible for a user enrolled in a course to access some details, such as the full name and profile image URL, of other users they did not have permission to access.

References

Affected packages

Git / github.com/moodle/moodle

Affected ranges

Type

GIT

Repo

https://github.com/moodle/moodle

Events

Introduced

Fixed

2a900d6ed9af75abcdd82f1dbae37d8b06c37bf7

Introduced

fe7aff8093240cc373f1ddaa66ecb91c4bc0a09f

Fixed

73fc31dabf4feb33ef02167bd98063a3ceef89bb

Introduced

ee91c6536f99e1633e2245780c4fe7f47340ed66

Fixed

f22eed6b67af8d0c25732d549680482e1867cd34

Introduced

52c0da7c647bd6ba8c5f61882d88959821a1fb41

Fixed

8f0c7bb53cd3ead755e941183e6d3bd0ac717a19

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "4.1.18"
        },
        {
            "introduced": "4.3.0"
        },
        {
            "fixed": "4.3.12"
        },
        {
            "introduced": "4.4.0"
        },
        {
            "fixed": "4.4.8"
        },
        {
            "introduced": "4.5.0"
        },
        {
            "fixed": "4.5.4"
        }
    ]
}

Affected versions

v1.*

v1.0.0

v1.0.1

v1.0.2

v1.0.3

v1.0.4

v1.0.5

v1.0.6

v1.0.7

v1.0.8

v1.0.9

v1.1.0

v1.1.1

v1.2.0

v1.2.1

v1.3.0

v2.*

v2.0.0

v2.0.0-rc1

v2.0.0-rc2

v2.0.1

v2.1.0

v2.2.0

v2.2.0-beta

v2.2.0-rc1

v2.3.0

v2.3.0-beta

v2.3.0-rc1

v2.4.0

v2.4.0-beta

v2.4.0-rc1

v2.5.0

v2.5.0-beta

v2.5.0-rc1

v2.6.0

v2.6.0-beta

v2.6.0-rc1

v2.7.0

v2.7.0-beta

v2.7.0-rc1

v2.7.0-rc2

v2.8.0

v2.8.0-beta

v2.8.0-rc1

v2.8.0-rc2

v2.9.0

v2.9.0-beta

v2.9.0-rc1

v2.9.0-rc2

v3.*

v3.0.0

v3.0.0-beta

v3.0.0-rc1

v3.0.0-rc2

v3.0.0-rc3

v3.0.0-rc4

v3.1.0

v3.1.0-beta

v3.1.0-rc1

v3.1.0-rc2

v3.2.0

v3.2.0-beta

v3.2.0-rc1

v3.2.0-rc2

v3.2.0-rc3

v3.2.0-rc4

v3.2.0-rc5

v3.3.0

v3.3.0-beta

v3.3.0-rc1

v3.3.0-rc2

v3.3.0-rc3

v3.4.0

v3.4.0-beta

v3.4.0-rc1

v3.4.0-rc2

v3.4.0-rc3

v3.5.0

v3.5.0-beta

v3.5.0-rc1

v3.6.0

v3.6.0-beta

v3.6.0-rc1

v3.6.0-rc2

v3.6.0-rc3

v3.7.0

v3.7.0-beta

v3.7.0-rc1

v3.7.0-rc2

v3.8.0

v3.8.0-beta

v3.8.0-rc1

v3.9.0

v3.9.0-beta

v3.9.0-rc1

v3.9.0-rc2

v3.9.0-rc3

v4.*

v4.0.0

v4.0.0-beta

v4.0.0-rc1

v4.0.0-rc2

v4.0.0-rc3

v4.0.0-rc4

v4.1.0

v4.1.0-beta

v4.1.0-rc1

v4.1.0-rc2

v4.1.0-rc3

v4.1.1

v4.1.10

v4.1.11

v4.1.12

v4.1.13

v4.1.14

v4.1.15

v4.1.16

v4.1.17

v4.1.2

v4.1.3

v4.1.4

v4.1.5

v4.1.6

v4.1.7

v4.1.8

v4.1.9

v4.3.0

v4.3.1

v4.3.10

v4.3.11

v4.3.2

v4.3.3

v4.3.4

v4.3.5

v4.3.6

v4.3.7

v4.3.8

v4.3.9

v4.4.0

v4.4.1

v4.4.2

v4.4.3

v4.4.4

v4.4.5

v4.4.6

v4.4.7

v4.5.0

v4.5.1

v4.5.2

v4.5.3

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-3640.json"