CVE-2025-62400
Moodle: hidden group names visible to event creators
Severity: 4.3 MEDIUM (CVSS 3.1)
EPSS: 0.06%
Description
Moodle exposed the names of hidden groups to users who had permission to create calendar events but not to view hidden groups. This could reveal private or restricted group information.
How to fix CVE-2025-62400
To remediate CVE-2025-62400, upgrade the affected package to a fixed version below.
- Bitnami/moodle—upgrade to 4.1.21 or later
- —upgrade to 5.0.3 or later
Is CVE-2025-62400 being exploited?
Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- >= 4.1.0, < 4.1.21, >= 4.4.0, < 4.4.11, >= 4.5.0, < 4.5.7, >= 5.0.0, < 5.0.3
- >= 5.0.0-beta, < 5.0.3
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 4.3 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |