GHSA-25wf-7x6c-wmpf

Опубликовано: 23 окт. 2025

Источник: github

Github: Прошло ревью

CVSS3: 5.3

Описание

Moodle does not properly enforce MFA

A serious authentication flaw allowed attackers with valid credentials to bypass multi-factor authentication under certain conditions, potentially compromising user accounts.

Ссылки

Пакеты

Наименование

moodle/moodle

composer

Затронутые версииВерсия исправления

>= 5.0.0-beta, < 5.0.3

5.0.3

Наименование

moodle/moodle

composer

Затронутые версииВерсия исправления

>= 4.5.0-beta, < 4.5.7

4.5.7

Наименование

moodle/moodle

composer

Затронутые версииВерсия исправления

>= 4.4.0-beta, < 4.4.11

4.4.11

EPSS

Процентиль: 14%

0.00046

Низкий

5.3 Medium

CVSS3

CVE ID

CVE-2025-62398

Дефекты

CWE-287

Связанные уязвимости

CVE-2025-62398

CVSS3: 5.4

ubuntu

18 дней назад

A serious authentication flaw allowed attackers with valid credentials to bypass multi-factor authentication under certain conditions, potentially compromising user accounts.

CVE-2025-62398

CVSS3: 5.4

nvd

18 дней назад

A serious authentication flaw allowed attackers with valid credentials to bypass multi-factor authentication under certain conditions, potentially compromising user accounts.

CVE-2025-62398

CVSS3: 5.4

debian

18 дней назад

A serious authentication flaw allowed attackers with valid credentials ...

EPSS

Процентиль: 14%

0.00046

Низкий

5.3 Medium

CVSS3

CVE ID

CVE-2025-62398

Дефекты

CWE-287