Vulnerabilities: Attacks on the Moodle learning platform may be imminent
Several software vulnerabilities endanger Moodle instances. Security updates are available for download.
(Image: Tatiana Popova/Shutterstock.com)
Attackers can exploit several security vulnerabilities in the Moodle learning platform and, in the worst case, completely compromise systems. Admins should install the available security patches promptly.
The most dangerous security vulnerabilities
As can be seen from the security section of the Moodle website, the developers have closed several vulnerabilities in current versions. Three vulnerabilities (CVE-2025-3641, CVE-2025-3642, CVE-2025-3625) are classified as “high”.
The first two vulnerabilities only affect the Teacher and Manager user roles in the standard installation. This is because the EQUELLA and Dropbox repositories are only activated by default for these roles. This is where the vulnerability can be found, which attackers can use to launch malicious code attacks. It is not yet clear how such attacks could be carried out in detail. There is currently no evidence that attackers are already actively exploiting vulnerabilities.
If it is not possible for admins to install the security update immediately, they can secure systems using a temporary solution by deactivating the respective repository in the settings.
The third vulnerability allows attackers to access sensitive student information and prevent them from logging in.
Further dangers
The majority of the remaining vulnerabilities are rated “medium”. Attackers can use these vulnerabilities to access information that is actually protected.
Videos by heise
The developers assure us that they have closed the vulnerabilities in the following versions. All previous versions are vulnerable.
- 4.1.18
- 4.3.12
- 4.4.8
- 4.5.4
(des)
