Test ID:	1.3.6.1.4.1.25623.1.0.154053
Category:	Web application abuses
Title:	Moodle Multiple Vulnerabilities (Feb 2025)
Summary:	Moodle is prone to multiple vulnerabilities.
Description:	Summary: Moodle is prone to multiple vulnerabilities. Vulnerability Insight: The following vulnerabilities exist: - CVE-2025-26525 / MSA-25-0001: Arbitrary file read risk through pdfTeX - CVE-2025-26526 / MSA-25-0002: Feedback response viewing and deletions did not respect Separate Groups mode - CVE-2025-26527 / MSA-25-0003: Non-searchable tags can still be discovered on the tag search page and in the tags block - CVE-2025-26528 / MSA-25-0004: Stored XSS in ddimageortext question type - CVE-2025-26529 / MSA-25-0005: Stored XSS risk in admin live log - CVE-2024-38999 / MSA-25-0007: Vulnerability in RequireJS - CVE-2025-26531 / MSA-25-0008: IDOR in badges allows disabling of arbitrary badges - CVE-2025-26532 / MSA-25-0009: Teachers can evade trusttext config when restoring glossary entries - CVE-2025-26533 / MSA-25-0010: SQL injection risk in course search module list filter Affected Software/OS: Moodle version 4.1.15, 4.3 through 4.3.9, 4.4 through 4.4.5 and 4.5 through 4.5.1. Solution: Update to version 4.1.16, 4.3.10, 4.4.6, 4.5.2 or later. CVSS Score: 7.8 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2024-38999 Common Vulnerability Exposure (CVE) ID: CVE-2025-26525 Common Vulnerability Exposure (CVE) ID: CVE-2025-26526 Common Vulnerability Exposure (CVE) ID: CVE-2025-26527 Common Vulnerability Exposure (CVE) ID: CVE-2025-26528 Common Vulnerability Exposure (CVE) ID: CVE-2025-26529 Common Vulnerability Exposure (CVE) ID: CVE-2025-26531 Common Vulnerability Exposure (CVE) ID: CVE-2025-26532 Common Vulnerability Exposure (CVE) ID: CVE-2025-26533
Copyright	Copyright (C) 2025 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.