Vulnerability DatabaseCVE-2025-62396
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2025-62396
October 23, 2025
An error-handling issue in the Moodle router (r.php) could cause the application to display internal directory listings when specific HTTP headers were not properly configured.
Affected Packages
moodle/moodle (PHP):
Affected version(s) >=v4.5.0 <v4.5.7
Fix Suggestion:
Update to version v4.5.7
moodle/moodle (PHP):
Affected version(s) >=v5.0.0 <v5.0.3
Fix Suggestion:
Update to version v5.0.3
Related ResourcesĀ (7)
https://github.com/moodle/moodle
https://nvd.nist.gov/vuln/detail/CVE-2025-62396
https://bugzilla.redhat.com/show_bug.cgi?id=2404429
https://access.redhat.com/security/cve/CVE-2025-62396
https://github.com/moodle/moodle/commit/5d4910509eeaac8403d18ec8f259e29d2f11527e
https://github.com/moodle/moodle/commit/5e7d5abc483d0511ebfc2042075eabcc392ff4ce
https://moodle.org/mod/forum/discuss.php?d=470385
Do you need more information?
Contact Us
CVSS v4
Base Score:
6.9
Attack Vector
NETWORK
Attack Complexity
LOW
Attack Requirements
NONE
Privileges Required
NONE
User Interaction
NONE
Vulnerable System Confidentiality
LOW
Vulnerable System Integrity
NONE
Vulnerable System Availability
NONE
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
CVSS v3
Base Score:
5.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
LOW
Integrity
NONE
Availability
NONE
Weakness Type (CWE)
Exposure of Information Through Directory Listing
CWE-548
EPSS
Base Score:
0.05