VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-5j49-k5mk-c7gn

Essentials
Severities (16)
References (8)
Severity details (14)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-5j49-k5mk-c7gn
Aliases	CVE-2025-3627 GHSA-x45j-jq9q-gf3q
Summary	Moodle makes some user data available before completing second factor with MFA enabled A security vulnerability was discovered in Moodle that allows some users to access sensitive information about other students before they finish verifying their identities using two-factor authentication (2FA).
Status	Published
Exploitability	0.5
Weighted Severity	6.2
Risk	3.1
Affected and Fixed Packages	Package Details

Weaknesses (3)

CWE-287	Improper Authentication
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
cvssv3.1	4.3	https://access.redhat.com/security/cve/CVE-2025-3627
generic_textual	MODERATE	https://access.redhat.com/security/cve/CVE-2025-3627
ssvc	Track	https://access.redhat.com/security/cve/CVE-2025-3627
epss	0.00054	https://api.first.org/data/v1/epss?cve=CVE-2025-3627
epss	0.00063	https://api.first.org/data/v1/epss?cve=CVE-2025-3627
cvssv3.1	4.3	https://bugzilla.redhat.com/show_bug.cgi?id=2359692
generic_textual	MODERATE	https://bugzilla.redhat.com/show_bug.cgi?id=2359692
ssvc	Track	https://bugzilla.redhat.com/show_bug.cgi?id=2359692
cvssv3.1	4.3	https://github.com/moodle/moodle
generic_textual	MODERATE	https://github.com/moodle/moodle
cvssv3.1	4.3	https://github.com/search?q=repo%3Amoodle%2Fmoodle+MDL-84351&type=commits
generic_textual	MODERATE	https://github.com/search?q=repo%3Amoodle%2Fmoodle+MDL-84351&type=commits
cvssv3.1	4.3	https://moodle.org/mod/forum/discuss.php?d=467594
generic_textual	MODERATE	https://moodle.org/mod/forum/discuss.php?d=467594
cvssv3.1	4.3	https://nvd.nist.gov/vuln/detail/CVE-2025-3627
generic_textual	MODERATE	https://nvd.nist.gov/vuln/detail/CVE-2025-3627

Reference id	Reference type	URL
		https://access.redhat.com/security/cve/CVE-2025-3627
		https://api.first.org/data/v1/epss?cve=CVE-2025-3627
		https://bugzilla.redhat.com/show_bug.cgi?id=2359692
		https://github.com/moodle/moodle
		https://github.com/search?q=repo%3Amoodle%2Fmoodle+MDL-84351&type=commits
		https://moodle.org/mod/forum/discuss.php?d=467594
		https://nvd.nist.gov/vuln/detail/CVE-2025-3627
GHSA-x45j-jq9q-gf3q		https://github.com/advisories/GHSA-x45j-jq9q-gf3q

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Found at https://access.redhat.com/security/cve/CVE-2025-3627

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:43:17Z/ Found at https://access.redhat.com/security/cve/CVE-2025-3627

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Found at https://bugzilla.redhat.com/show_bug.cgi?id=2359692

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:43:17Z/ Found at https://bugzilla.redhat.com/show_bug.cgi?id=2359692

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Found at https://github.com/moodle/moodle

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Found at https://github.com/search?q=repo%3Amoodle%2Fmoodle+MDL-84351&type=commits

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Found at https://moodle.org/mod/forum/discuss.php?d=467594

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2025-3627

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.17058
EPSS Score	0.00054
Published At	July 4, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2025-07-01T12:12:09.531977+00:00	GithubOSV Importer	Import	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/04/GHSA-x45j-jq9q-gf3q/GHSA-x45j-jq9q-gf3q.json	36.1.3