Browse all 9 CVE security advisories affecting Moodle Project. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Moodle is an open-source learning platform used by educational institutions worldwide to deliver online courses and manage academic content. Historically, it has been susceptible to various vulnerabilities including remote code execution, cross-site scripting, and privilege escalation, often stemming from improper input validation and access control flaws. While no major security incidents have been widely documented, the platform's 9 recorded CVEs highlight ongoing security concerns, particularly in areas related to file uploads and user permissions. Regular updates and proper configuration are essential to mitigate risks, as the platform's widespread adoption makes it a potential target for attackers seeking access to educational data or infrastructure.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2025-26533 | SQL injection risk in course search module list filter | moodle | CWE-89 | 8.1 | High | 2025-02-24 |
| CVE-2025-26532 | Teachers can evade trusttext config when restoring glossary entries | moodle | CWE-863 | 3.1 | Low | 2025-02-24 |
| CVE-2025-26531 | IDOR in badges allows disabling of arbitrary badges | moodle | CWE-863 | 3.1 | Low | 2025-02-24 |
| CVE-2025-26530 | Reflected XSS via question bank filter | moodle | CWE-79 | 8.3 | High | 2025-02-24 |
| CVE-2025-26529 | Stored XSS risk in admin live log | moodle | CWE-79 | 8.3 | High | 2025-02-24 |
| CVE-2025-26528 | Stored XSS in ddimageortext question type | moodle | CWE-79 | 3.4 | Low | 2025-02-24 |
| CVE-2025-26527 | Non-searchable tags can still be discovered on the tag search page and in the tags block | moodle | CWE-1230 | 5.3 | Medium | 2025-02-24 |
| CVE-2025-26526 | Feedback response viewing and deletions did not respect Separate Groups mode | moodle | CWE-863 | 6.5 | Medium | 2025-02-24 |
| CVE-2025-26525 | Arbitrary file read risk through pdfTeX | moodle | CWE-552 | 8.6 | High | 2025-02-24 |

This page lists every published CVE security advisory associated with Moodle Project. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.