Home > Vulnerability Database > CVE-2025-62396

Mend.io Vulnerability Database

CVE-2025-62396

Good to know:

Date: October 23, 2025

An error-handling issue in the Moodle router (r.php) could cause the application to display internal directory listings when specific HTTP headers were not properly configured.

Severity Score

5.3

Related Resources (8)

Url: https://access.redhat.com/security/cve/CVE-2025-62396

Url: https://github.com/moodle/moodle

Url: https://github.com/moodle/moodle/commit/5d4910509eeaac8403d18ec8f259e29d2f11527e

Url: https://github.com/moodle/moodle/commit/5e7d5abc483d0511ebfc2042075eabcc392ff4ce

Url: https://bugzilla.redhat.com/show_bug.cgi?id=2404429

Url: https://moodle.org/mod/forum/discuss.php?d=470385

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-62396

Url: https://www.mend.io/vulnerability-database/CVE-2025-62396

Severity Score

5.3

Weakness Type (CWE)

Exposure of Information Through Directory Listing

CWE-548

Top Fix

Upgrade Version

Upgrade to version moodle/moodle - v4.5.7;moodle/moodle - v5.0.3

Learn More

CVSS v3.1

Base Score:	5.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2025-62396

Good to know:

Date: October 23, 2025

Severity Score

Related Resources (8)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?