CVE-2025-3643

A flaw was found in Moodle. The return URL in the policy tool required additional sanitizing to prevent a reflected Cross-site scripting (XSS) risk.

CVSS v3 5.4 MEDIUM

5.4^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.3 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://access.redhat.com/security/cve/CVE-2025-3643	Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2359742	Issue Tracking
https://moodle.org/mod/forum/discuss.php?d=467604	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:moodle:moodle::::::::
	cpe:2.3:a:moodle:moodle::::::::
	cpe:2.3:a:moodle:moodle::::::::
	cpe:2.3:a:moodle:moodle::::::::

History

24 Jun 2025, 15:59

Type	Values Removed	Values Added
First Time		Moodle Moodle moodle
CPE		cpe:2.3:a:moodle:moodle::::::::
References	~~() https://access.redhat.com/security/cve/CVE-2025-3643 -~~	() https://access.redhat.com/security/cve/CVE-2025-3643 - Third Party Advisory
References	~~() https://bugzilla.redhat.com/show_bug.cgi?id=2359742 -~~	() https://bugzilla.redhat.com/show_bug.cgi?id=2359742 - Issue Tracking
References	~~() https://moodle.org/mod/forum/discuss.php?d=467604 -~~	() https://moodle.org/mod/forum/discuss.php?d=467604 - Vendor Advisory

29 Apr 2025, 13:52

Type	Values Removed	Values Added
Summary		(es) Se detectó una falla en Moodle. La URL de retorno en la herramienta de políticas requería una limpieza adicional para evitar un riesgo de cross-site scripting (XSS) reflejado.

25 Apr 2025, 15:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-04-25 15:15

Updated : 2025-06-24 15:59

NVD link : CVE-2025-3643

Mitre link : CVE-2025-3643

CVE.ORG link : CVE-2025-3643

JSON object : View

Products Affected

moodle

moodle

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

{"id": "CVE-2025-3643", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "patrick@puiterwijk.org", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.3}]}, "published": "2025-04-25T15:15:38.147", "references": [{"url": "https://access.redhat.com/security/cve/CVE-2025-3643", "tags": ["Third Party Advisory"], "source": "patrick@puiterwijk.org"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359742", "tags": ["Issue Tracking"], "source": "patrick@puiterwijk.org"}, {"url": "https://moodle.org/mod/forum/discuss.php?d=467604", "tags": ["Vendor Advisory"], "source": "patrick@puiterwijk.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "patrick@puiterwijk.org", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in Moodle. The return URL in the policy tool required additional sanitizing to prevent a reflected Cross-site scripting (XSS) risk."}, {"lang": "es", "value": "Se detect\u00f3 una falla en Moodle. La URL de retorno en la herramienta de pol\u00edticas requer\u00eda una limpieza adicional para evitar un riesgo de cross-site scripting (XSS) reflejado."}], "lastModified": "2025-06-24T15:59:06.960", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "245F0D61-A209-4129-AEA5-C8E1600F5202", "versionEndExcluding": "4.1.18"}, {"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BF438B80-5736-46ED-897E-726B563F8E0A", "versionEndExcluding": "4.3.12", "versionStartIncluding": "4.3.0"}, {"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E758F51B-ADBF-406E-92A8-98090BE83C2B", "versionEndExcluding": "4.4.8", "versionStartIncluding": "4.4.0"}, {"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F12B5C6F-A83C-488C-9C26-3C9A61F93618", "versionEndExcluding": "4.5.4", "versionStartIncluding": "4.5.0"}], "operator": "OR"}]}], "sourceIdentifier": "patrick@puiterwijk.org"}