Platform
php
Component
moodle/moodle
Fixed in
4.5.4
4.4.8
4.3.12
4.1.18
CVE-2025-3635 is a Cross-Site Request Forgery (CSRF) vulnerability in Moodle's user tours feature (the tool_usertours admin tool). The request that duplicates an existing tour was accepted without Moodle's per-session CSRF token (the sesskey) being verified. As with any CSRF, the attacker does not need a Moodle account: the forged request is sent by the browser of a logged-in user who holds tour-management rights, for example when that user visits a page the attacker controls, and the browser attaches the victim's session cookie automatically. Moodle releases earlier than the fixed versions listed above (4.5.4, 4.4.8, 4.3.12 and 4.1.18) are affected.
The impact is limited to creating unauthorized copies of tours that already exist on the site. User tours are step-by-step on-screen walkthroughs that highlight page elements to guide users (typically new ones) through Moodle's interface; they are not course content or learning paths. Because the flaw only duplicates an existing tour, the attacker chooses which tour gets copied but cannot inject arbitrary content into it. The realistic consequences are clutter and confusion for administrators and users (duplicate tours appearing where they are not expected) and, if the request is replayed many times, a large number of spurious tour records. No data is disclosed, which is why the severity is rated LOW; the nuisance and reputational cost of a defaced-looking admin area is still worth avoiding.
CVE-2025-3635 was published on April 25, 2025. Its CVSS score is 3.5 (LOW). Note that CVSS measures severity, not the likelihood of exploitation; the probability estimate is the EPSS value below (0.12%, 31st percentile), which is low. No public Proof-of-Concept (PoC) exploit is known, and the CVE is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog. Monitor security advisories and community forums for any reports of exploitation attempts.
Exploit status
EPSS: 0.12% (31st percentile)
The recommended mitigation for CVE-2025-3635 is to upgrade Moodle to a fixed release (4.5.4, 4.4.8, 4.3.12 or 4.1.18, depending on your branch). There is no configuration switch that "enables CSRF protection" for a single action in Moodle: the defence is a code-level check of the per-session sesskey token (require_sesskey()), so a local fix means backporting the patched check, which is exactly what the upgrade delivers. If you cannot upgrade immediately, reduce exposure instead: keep the tour-management capability restricted to the few administrators who need it, ask those administrators not to browse untrusted sites while logged in to Moodle (or to use a separate browser profile for administration), and review the list of user tours for unexpected duplicates. A Web Application Firewall rule that blocks requests to the tour duplication action when no sesskey parameter is present can add a layer of defence, but confirm the exact endpoint and parameter names against your own Moodle version before deploying such a rule, and test that the legitimate admin UI (whose links do carry the sesskey) still works.
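To make concrete what "CSRF protection" means in Moodle, the following is an added illustration written for this page; it is not Moodle's code and not the CVE-2025-3635 patch. It shows a minimal admin action page for a hypothetical tool_example plugin that duplicates a record. The plugin name, file path, table name, admin page name, language strings and the duplicate helper are assumptions made for the example; the Moodle APIs used (optional_param, require_login, require_capability, require_sesskey, sesskey, moodle_url, html_writer, redirect, $DB) are standard core functions. The only difference between the vulnerable pattern and the hardened one is the single require_sesskey() call and the sesskey parameter on the links that trigger the action.

```php
<?php
// Added example (not Moodle's code, not the CVE-2025-3635 patch): the idiomatic
// Moodle pattern for a state-changing admin action. Everything named
// "tool_example" below is hypothetical.
require_once(__DIR__ . '/../../../config.php');   // bootstraps $CFG, $DB, $OUTPUT, $PAGE
require_once($CFG->libdir . '/adminlib.php');

admin_externalpage_setup('tool_example_tours');    // assumed admin settings page name

$action = optional_param('action', '', PARAM_ALPHA);
$tourid = optional_param('id', 0, PARAM_INT);

// 1. Authentication and authorisation. Neither stops CSRF on its own: the victim
//    IS logged in and DOES hold the capability; the attacker merely causes the
//    victim's browser to send the request, and the browser attaches the
//    MoodleSession cookie by itself.
require_login();
require_capability('tool/usertours:managetours', context_system::instance());

/**
 * Duplicate one tour record. Assumed helper for this example; the table
 * "tool_example_tours" is hypothetical.
 */
function tool_example_duplicate_tour(stdClass $tour): int {
    global $DB;
    $copy = clone $tour;
    unset($copy->id);                         // let the DB assign a new primary key
    $copy->name = $tour->name . ' (copy)';
    return $DB->insert_record('tool_example_tours', $copy);
}

if ($action === 'duplicate') {
    // 2. CSRF defence. Moodle's anti-CSRF token is the per-session "sesskey".
    //    A cross-origin page can make the browser send the session cookie, but it
    //    cannot read the victim's sesskey, so it cannot forge this parameter.
    //    The vulnerable pattern is simply this line being absent: a plain GET to
    //    ?action=duplicate&id=N would then succeed from any page the admin visits
    //    (an <img src="..."> is enough). require_sesskey() throws
    //    moodle_exception('invalidsesskey') when the token is missing or wrong.
    require_sesskey();

    $tour = $DB->get_record('tool_example_tours', ['id' => $tourid], '*', MUST_EXIST);
    tool_example_duplicate_tour($tour);

    // Redirect after the state change so a reload does not repeat it.
    redirect(new moodle_url('/admin/tool/example/configure.php'),
             get_string('tourduplicated', 'tool_example'));   // assumed string
}

// 3. Every link that triggers the action must carry the token, otherwise the
//    legitimate UI breaks once require_sesskey() is enforced. sesskey() returns
//    the current user's token; moodle_url encodes it as a query parameter.
echo $OUTPUT->header();
foreach ($DB->get_records('tool_example_tours') as $tour) {
    $url = new moodle_url('/admin/tool/example/configure.php', [
        'action'  => 'duplicate',
        'id'      => $tour->id,
        'sesskey' => sesskey(),
    ]);
    echo html_writer::tag('p',
        s($tour->name) . ' ' . html_writer::link($url, get_string('duplicate')));
}
echo $OUTPUT->footer();
```

When reviewing a Moodle plugin or core patch for this class of bug, the check is mechanical: every branch that writes to the database in response to a request parameter must be preceded by require_sesskey() (or confirm_sesskey() where a boolean is preferred), and every link or form that reaches that branch must include sesskey(). Moodle forms built with moodleform add the token automatically; hand-built action links, like the ones above, do not.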
Update Moodle to the latest available release. Versions 4.5.4, 4.4.8, 4.3.12 and 4.1.18 correct the CSRF vulnerability that allows unauthorized tour duplication; the update removes the exploitable behaviour.
CVE-2025-3635 is a Cross-Site Request Forgery (CSRF) vulnerability in Moodle's user tours tool. An attacker without any Moodle account can cause a logged-in user with tour-management rights to duplicate an existing tour, because the duplication request was accepted without the sesskey CSRF token being checked.
You are affected if you run a Moodle release earlier than the fixed version for your branch: 4.5.4, 4.4.8, 4.3.12 or 4.1.18. Upgrade to that version or later to resolve the vulnerability.
Upgrade Moodle to a fixed release. There is no setting that switches on CSRF protection for this action; until you can upgrade, limit who holds tour-management rights, advise those administrators not to browse untrusted sites while logged in, and review the tour list for unexpected copies.
Currently there is no publicly known Proof-of-Concept exploit and no report of active exploitation; the CVE is not in the CISA KEV catalog and its EPSS estimate is low. Ongoing monitoring is still recommended.
Refer to the official Moodle security advisory for this CVE; no confirmed advisory URL is given on this page.