CVE-2025-62397

Moodle: router produces json instead of 404 error for invalid course id

Router produces JSON instead of 404 error when passed a non-existent course ID

The router’s inconsistent response to invalid course IDs allowed attackers to infer which course IDs exist, potentially aiding reconnaissance.

Mögliche Gegenmaßnahme

Moodle Server: Update to a patched version.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 6

NVD 1 VulnDex Vulnerability Enrichment 2

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Moodle ≫ Moodle Version >= 5.0.0 < 5.0.3

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Weitere Schwachstelleninformationen

SystemMoodle

≫

Produkt Moodle Server

Version >= 5.0.0, < 5.0.3

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.04%	0.124

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
patrick@puiterwijk.org	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE-209 Generation of Error Message Containing Sensitive Information

The product generates an error message that includes sensitive information about its environment, users, or associated data.

Third Party Advisory

Third Party Advisory

Issue Tracking

Third Party Advisory

CVE Source (NVD)

CVE Source (JSON)

EUVD

Team-orientierte Vulnerability Management Plattform