VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-5xde-3tcf-q3b5

Essentials
Severities (12)
References (6)
Severity details (10)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-5xde-3tcf-q3b5
Aliases	CVE-2025-26532 GHSA-cw24-f6fq-7j9v
Summary	Moodle allows teachers to evade trusttext config when restoring glossary entries Additional checks were required to ensure trusttext is applied (when enabled) to glossary entries being restored.
Status	Published
Exploitability	0.5
Weighted Severity	2.8
Risk	1.4
Affected and Fixed Packages	Package Details

Weaknesses (3)

CWE-863	Incorrect Authorization
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
cvssv3.1	3.1	http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-84003
generic_textual	LOW	http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-84003
ssvc	Track	http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-84003
epss	0.00047	https://api.first.org/data/v1/epss?cve=CVE-2025-26532
epss	0.00047	https://api.first.org/data/v1/epss?cve=CVE-2025-26532
cvssv3.1	3.1	https://github.com/moodle/moodle
generic_textual	LOW	https://github.com/moodle/moodle
cvssv3.1	3.1	https://moodle.org/mod/forum/discuss.php?d=466149
generic_textual	LOW	https://moodle.org/mod/forum/discuss.php?d=466149
ssvc	Track	https://moodle.org/mod/forum/discuss.php?d=466149
cvssv3.1	3.1	https://nvd.nist.gov/vuln/detail/CVE-2025-26532
generic_textual	LOW	https://nvd.nist.gov/vuln/detail/CVE-2025-26532

Reference id	Reference type	URL
		http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-84003
		https://api.first.org/data/v1/epss?cve=CVE-2025-26532
		https://github.com/moodle/moodle
		https://moodle.org/mod/forum/discuss.php?d=466149
		https://nvd.nist.gov/vuln/detail/CVE-2025-26532
GHSA-cw24-f6fq-7j9v		https://github.com/advisories/GHSA-cw24-f6fq-7j9v

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N Found at http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-84003

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-25T14:19:04Z/ Found at http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-84003

Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N Found at https://github.com/moodle/moodle

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N Found at https://moodle.org/mod/forum/discuss.php?d=466149

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-25T14:19:04Z/ Found at https://moodle.org/mod/forum/discuss.php?d=466149

Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2025-26532

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.14291
EPSS Score	0.00047
Published At	June 30, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2025-07-01T12:12:29.871999+00:00	GithubOSV Importer	Import	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/02/GHSA-cw24-f6fq-7j9v/GHSA-cw24-f6fq-7j9v.json	36.1.3