Educational

In Moodle versions 4.5 to 4.5.1, 4.4 to 4.4.5, 4.3 to 4.3.9, 4.1 to 4.1.15 and earlier a low severity vulnerability CVE-2025-26531 was detected. This vulnerability arises from insufficient capability checks within the badge management system, allowing attackers to exploit an Insecure Direct Object Reference (IDOR) and disable arbitrary badges. To address this issue, users should upgrade Moodle to versions 4.5.2, 4.4.6, 4.3.10 or 4.1.16. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-26531.

In Moodle version 4.5.0 a low severity vulnerability CVE-2025-26532 was detected. This vulnerability arises from insufficient checks in the glossary restoration process, allowing teachers to bypass trusttext configurations when restoring glossary entries. To address this issue, users should upgrade Moodle to version 4.5.2 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-26532.

In Moodle versions from 4.3.0-beta to 4.5.0-beta a high severity vulnerability CVE-2025-26533 was detected. This vulnerability arises from an SQL injection risk in the module list filter within the course search functionality, allowing attackers to manipulate SQL queries and potentially access sensitive data or compromise the system. To address this issue, users should upgrade Moodle to versions 4.5.2, 4.4.6, 4.3.10, or 4.1.16. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-26533.

In Moodle versions up to 4.1.15, 4.3.9, 4.4.5 and 4.5.1 a high severity vulnerability CVE-2025-26529 was detected. This vulnerability arises from insufficient sanitization of input in the Site Administration Live Log, leading to a stored Cross-Site Scripting (XSS) risk. To address this issue, users should upgrade Moodle to versions 4.1.16, 4.3.10, 4.4.6 or 4.5.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-26529.

In Moodle versions up to 4.5.1 a high severity vulnerability CVE-2025-26530 was detected. This vulnerability results from insufficient sanitization in the question bank filter, allowing attackers to craft malicious URLs that execute arbitrary JavaScript in the victim’s browser. To address this issue, users should upgrade Moodle to versions 4.5.2, 4.4.6 or 4.3.10. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-26530.

In Moodle versions up to 4.5.2 a medium severity vulnerability CVE-2025-26526 was detected. This vulnerability compromises the integrity of response viewing and deletion in Separate Groups mode within the platform’s feedback module. To address this issue, users should upgrade Moodle to versions 4.5.2 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-26526.

In Moodle versions up to 4.5.2 a medium severity vulnerability CVE-2025-26527 was detected. This vulnerability arises from the improper handling of non-searchable tags, allowing users who should not have access to certain tags to still discover them through the tag search page or the tags block. To address this issue, users should upgrade Moodle to versions 4.5.2 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-26527.

In Moodle versions up to 4.5.2 a low severity vulnerability CVE-2025-26528 was detected. This vulnerability stems from insufficient input sanitization in the ddimageortext question type, allowing attackers to inject malicious scripts that are executed when other users access the affected content. To address this issue, users should upgrade Moodle to versions 4.5.2 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-26528.

In Moodle versions prior to 4.5.2, 4.4.6, 4.3.10, and 4.1.16 a high severity vulnerability CVE-2025-26525 was detected. This vulnerability allows attackers to exploit insufficient sanitization in the TeX notation filter when pdfTeX is available, leading to arbitrary file read risks on Moodle installations using TeX Live. To address this issue, users should upgrade Moodle to versions 4.5.2, 4.4.6, 4.3.10 or 4.1.16. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-26525.