Home > Vulnerability Database > CVE-2025-3641

Mend.io Vulnerability Database

CVE-2025-3641

Good to know:

Date: April 25, 2025

A flaw was found in Moodle. A remote code execution risk was identified in the Moodle LMS Dropbox repository. By default, this was only available to teachers and managers on sites with the Dropbox repository enabled.

Severity Score

8.8

Related Resources (7)

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-3641

Url: https://github.com/moodle/moodle

Url: https://moodle.org/mod/forum/discuss.php?d=467602

Url: https://github.com/moodle/moodle/commit/27b839b5c60389623ca8e3496792b43a44527cd6

Url: https://bugzilla.redhat.com/show_bug.cgi?id=2359735

Url: https://access.redhat.com/security/cve/CVE-2025-3641

Url: https://www.mend.io/vulnerability-database/CVE-2025-3641

Severity Score

8.8

Weakness Type (CWE)

Improper Control of Generation of Code ('Code Injection')

CWE-94

Top Fix

Upgrade Version

Upgrade to version moodle/moodle - v4.3.12;moodle/moodle - v4.4.8;moodle/moodle - v4.5.4;moodle/moodle - v4.1.18

Learn More

CVSS v3.1

Base Score:	8.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2025-3641

Good to know:

Date: April 25, 2025

Severity Score

Related Resources (7)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?