Moodle 2FA Bypass via Sensitive Data Leakage: CVE-2025-3625 April 2025

Moodle: user dos and name disclosure via idor in moodle mfa email factor revoke action
A security vulnerability was discovered in Moodle that can allow hackers to gain access to sensitive information about students and prevent them from logging into their accounts, even after they had completed two-factor authentication (2FA).

Vulnerability Analysis

CVE-2025-3625 can be exploited with network access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality, a small impact on integrity, and a high impact on availability.

Attack Vector:

NETWORK

Attack Complexity:

LOW

Privileges Required:

LOW

User Interaction:

NONE

Scope:

UNCHANGED

Confidentiality Impact:

LOW

Integrity Impact:

NONE

Availability Impact:

HIGH

Timeline

2025-04-15

Reported to Red Hat.

2025-04-22

Made public. 7 days later.

Weakness Type

What is an Insecure Direct Object Reference / IDOR Vulnerability?

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

CVE-2025-3625 has been classified to as an Insecure Direct Object Reference / IDOR vulnerability or weakness.

Products Associated with CVE-2025-3625

Want to know whenever a new CVE is published for Moodle? stack.watch will email you.

Exploit Probability

EPSS

0.27%

Percentile

50.39%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.