CVE-2025-67857

Source
https://cve.org/CVERecord?id=CVE-2025-67857
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-67857.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-67857
Aliases
Downstream
Published
2026-02-03T10:52:22.459Z
Modified
2026-07-08T08:12:43.920625736Z
Severity
  • 4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N CVSS Calculator
Summary
Moodle: moodle: data exposure of user identifiers in urls
Details

A flaw was found in moodle. During anonymous assignment submissions, user identifiers were inadvertently exposed in URLs. This data exposure allows unauthorized viewers to see internal user IDs, compromising the intended anonymity and potentially leading to information disclosure.

Database specific
{
    "cna_assigner": "fedora",
    "cwe_ids": [
        "CWE-201"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/67xxx/CVE-2025-67857.json"
}
References

Affected packages

Git / github.com/moodle/moodle

Affected ranges

Type
GIT
Repo
https://github.com/moodle/moodle
Events
Database specific
{
    "extracted_events": [
        {
            "introduced": "4.1.0"
        },
        {
            "fixed": "4.1.22"
        },
        {
            "introduced": "4.4.0"
        },
        {
            "fixed": "4.4.12"
        },
        {
            "introduced": "4.5.0"
        },
        {
            "fixed": "4.5.8"
        },
        {
            "introduced": "5.0.0"
        },
        {
            "fixed": "5.0.4"
        },
        {
            "introduced": "5.1.0"
        },
        {
            "fixed": "5.1.1"
        }
    ],
    "source": "AFFECTED_FIELD"
}

Affected versions

5.*
5.1.0-NA
v4.*
v4.1.0
v4.1.1
v4.1.10
v4.1.11
v4.1.12
v4.1.13
v4.1.14
v4.1.15
v4.1.16
v4.1.17
v4.1.18
v4.1.19
v4.1.2
v4.1.20
v4.1.21
v4.1.3
v4.1.4
v4.1.5
v4.1.6
v4.1.7
v4.1.8
v4.1.9
v4.4.0
v4.4.1
v4.4.10
v4.4.11
v4.4.2
v4.4.3
v4.4.4
v4.4.5
v4.4.6
v4.4.7
v4.4.8
v4.4.9
v4.5.0
v4.5.1
v4.5.2
v4.5.3
v4.5.4
v4.5.5
v4.5.6
v4.5.7
v5.*
v5.0.0
v5.0.1
v5.0.2
v5.0.3
v5.1.0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-67857.json"