Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-56wj-4124-ryd2
Vulnerability ID VCID-56wj-4124-ryd2
Aliases CVE-2020-25629
GHSA-f5r8-7h4f-jr9x
Summary Improper Access Control A vulnerability was found in Moodle where users with "Log in as" capability in a course context (typically, course managers) may gain access to some site administration capabilities by "logging in as" a System manager.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (4)
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-284 Improper Access Control
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-862 Missing Authorization
System Score Found at
epss 0.00554 https://api.first.org/data/v1/epss?cve=CVE-2020-25629
cvssv3.1 8.8 https://github.com/moodle/moodle
generic_textual HIGH https://github.com/moodle/moodle
cvssv3.1 8.8 https://moodle.org/mod/forum/discuss.php?d=410841
generic_textual HIGH https://moodle.org/mod/forum/discuss.php?d=410841
cvssv3.1 8.8 https://nvd.nist.gov/vuln/detail/CVE-2020-25629
generic_textual HIGH https://nvd.nist.gov/vuln/detail/CVE-2020-25629
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2020-25629
https://github.com/moodle/moodle
https://moodle.org/mod/forum/discuss.php?d=410841
CVE-2020-25629 https://nvd.nist.gov/vuln/detail/CVE-2020-25629
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/moodle/moodle
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://moodle.org/mod/forum/discuss.php?d=410841
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2020-25629
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.68448
EPSS Score 0.00554
Published At June 4, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-06-04T16:20:39.142346+00:00 GitLab Importer Import https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2020-25629.yml 38.6.0