CVE-2025-67857

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2025-67857
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-67857.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-67857
Aliases
Downstream
Published
2026-02-03T11:15:56.090Z
Modified
2026-03-02T08:04:36.072804Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
Summary
[none]
Details

A flaw was found in moodle. During anonymous assignment submissions, user identifiers were inadvertently exposed in URLs. This data exposure allows unauthorized viewers to see internal user IDs, compromising the intended anonymity and potentially leading to information disclosure.

References

Affected packages

Git / github.com/moodle/moodle

Affected ranges

Type
GIT
Repo
https://github.com/moodle/moodle
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
ae9958caf7d0f2b4281abbe8736fe78d96342ca1
Introduced
45798c7c70ca9deaf8f2c4c352ca314f16d30b53
Fixed
93ee606ed814d99865c7ad17b69cb1bb84f18c57
Introduced
52c0da7c647bd6ba8c5f61882d88959821a1fb41
Fixed
48c9857449da61ee1efa89e679c30efb58d72484
Introduced
f1c169b32feed42eef9e15de6a9c5ab0aa997d79
Fixed
5fa8d98494296bf00870c710321d748fdeb81aef

Affected versions

v4.*
v4.5.0
v4.5.1
v4.5.2
v4.5.3
v4.5.4
v4.5.5
v4.5.6
v4.5.7
v5.*
v5.0.0
v5.0.0-beta
v5.0.0-rc1
v5.0.0-rc2
v5.0.0-rc3
v5.0.1
v5.0.2
v5.0.3
v5.0.4
v5.0.5
v5.0.6

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-67857.json"