Security updates: Moodle learning platform vulnerable in many ways
The Moodle developers have closed several security gaps. So far there have been no reports of attacks.
To prevent possible attacks, admins should update their Moodle instances to the latest version as quickly as possible. If this is not done, attackers can exploit several vulnerabilities and, in the worst case, compromise systems.
“Serious” risk
According to the security section of the Moodle website, the developers have closed a total of ten security gaps. Although an official classification according to the CVSS standard is apparently still pending, the developers classify the risk posed by four vulnerabilities (CVE-2025-26525, CVE-2025-26533, CVE-2025-26529, CVE-2025-26530) as “serious”.
If attackers successfully exploit the vulnerabilities, they can, among other things, view data that should be inaccessible to them or even execute malicious code. The developers state that they have solved the security problems in the following versions:
- 4.3.10
- 4.4.6
- 4.5.2
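
For admins who want to check an instance against this list, the following sketch is an added example, not code from Moodle or from this article. It assumes the `$release` line in Moodle's `version.php` has the form shown in the constructed samples; the function names and the status strings are hypothetical. Branches the article does not name are reported as "unlisted" rather than guessed.

```python
import re

# Fixed releases named in the article, keyed by (major, minor) branch.
FIXED = {(4, 3): (4, 3, 10), (4, 4): (4, 4, 6), (4, 5): (4, 5, 2)}

# Assumed format: $release = '4.5.1+ (Build: 20250101)';
# Suffixes such as "+" or "dev" after the number are ignored.
RELEASE_RE = re.compile(r"""\$release\s*=\s*['"](\d+)\.(\d+)(?:\.(\d+))?""")


def parse_release(version_php: str) -> tuple:
    """Extract (major, minor, patch) from the text of version.php."""
    m = RELEASE_RE.search(version_php)
    if not m:
        raise ValueError("no $release assignment found")
    # A branch's first release has no patch component ("4.5"): treat as .0
    return (int(m[1]), int(m[2]), int(m[3] or 0))


def patch_status(version_php: str) -> str:
    """Return 'patched', 'needs-update' or 'unlisted' for an instance."""
    release = parse_release(version_php)
    fixed = FIXED.get(release[:2])
    if fixed is None:
        # The article names no fixed release for this branch.
        return "unlisted"
    # Tuple comparison is numeric, so 4.3.9 < 4.3.10 (a string compare is not).
    return "patched" if release >= fixed else "needs-update"


if __name__ == "__main__":
    # Constructed sample lines; the build dates are placeholders.
    samples = [
        "$release  = '4.3.9 (Build: 20250101)';",
        "$release  = '4.4.6 (Build: 20250101)';",
        "$release  = '4.5.1+ (Build: 20250101)';",
        "$release  = '4.1.15 (Build: 20250101)';",
    ]
    for line in samples:
        print(parse_release(line), patch_status(line))
```

A weekly build such as `4.5.1+` is reported as needing an update, since it sits below the fixed point release.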
(des)