GHSA-25wf-7x6c-wmpf

Source

https://github.com/advisories/GHSA-25wf-7x6c-wmpf

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/10/GHSA-25wf-7x6c-wmpf/GHSA-25wf-7x6c-wmpf.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-25wf-7x6c-wmpf

Aliases

Published

2025-10-23T12:31:17Z

Modified

2025-11-18T00:27:49.448266Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Summary

Moodle does not properly enforce MFA

Details

A serious authentication flaw allowed attackers with valid credentials to bypass multi-factor authentication under certain conditions, potentially compromising user accounts.

Database specific

{
    "severity": "MODERATE",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-287"
    ],
    "nvd_published_at": "2025-10-23T12:15:32Z",
    "github_reviewed_at": "2025-10-24T17:43:16Z"
}

References

Affected packages

Packagist / moodle/moodle

Package

Name: moodle/moodle
Purl: pkg:composer/moodle/moodle

Affected ranges

Type: ECOSYSTEM
Events: Introduced

5.0.0-beta

Fixed

5.0.3

Affected versions

v5.*

v5.0.0-beta

v5.0.0-rc1

v5.0.0-rc2

v5.0.0-rc3

v5.0.0

v5.0.1

v5.0.2

Packagist / moodle/moodle

Package

Name: moodle/moodle
Purl: pkg:composer/moodle/moodle

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.5.0-beta

Fixed

4.5.7

Affected versions

v4.*

v4.5.0-beta

v4.5.0-rc1

v4.5.0-rc2

v4.5.0

v4.5.1

v4.5.2

v4.5.3

v4.5.4

v4.5.5

v4.5.6

Packagist / moodle/moodle

Package

Name: moodle/moodle
Purl: pkg:composer/moodle/moodle

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.4.0-beta

Fixed

4.4.11

Affected versions

v4.*

v4.4.0-beta

v4.4.0-rc1

v4.4.0-rc2

v4.4.0

v4.4.1

v4.4.2

v4.4.3

v4.4.4

v4.4.5

v4.4.6

v4.4.7

v4.4.8

v4.4.9

v4.4.10