CVE-2025-26527 - Vulnerability Details - OpenCVE

Tags not expected to be visible to a user could still be discovered by them via the tag search page or in the tags block.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable yes

Technical Impact partial

Vendors	Products
Moodle	Moodle

Configuration 1 [-]

OR	cpe:2.3:a:moodle:moodle::::::::
	cpe:2.3:a:moodle:moodle::::::::
	cpe:2.3:a:moodle:moodle::::::::
	cpe:2.3:a:moodle:moodle::::::::

No data.

References

Link	Providers
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-83941
https://moodle.org/mod/forum/discuss.php?d=466143

History

Fri, 08 Aug 2025 19:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Moodle Moodle moodle
CPEs		cpe:2.3:a:moodle:moodle::::::::
Vendors & Products		Moodle Moodle moodle

Mon, 24 Feb 2025 20:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Mon, 24 Feb 2025 20:00:00 +0000

Type	Values Removed	Values Added
Description		Tags not expected to be visible to a user could still be discovered by them via the tag search page or in the tags block.
Title		Non-searchable tags can still be discovered on the tag search page and in the tags block
Weaknesses		CWE-1230
References		http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-83941 https://moodle.org/mod/forum/discuss.php?d=466143
Metrics		cvssV3_1 `{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}`

MITRE

Status: PUBLISHED

Assigner: fedora

Published: 2025-02-24T19:44:06.228Z

Updated: 2025-02-24T20:12:14.116Z

Reserved: 2025-02-12T13:29:39.336Z

Link: CVE-2025-26527

Vulnrichment

Updated: 2025-02-24T19:57:36.148Z

NVD

Status : Analyzed

Published: 2025-02-24T20:15:33.403

Modified: 2025-08-08T19:40:08.470

Link: CVE-2025-26527

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-26527", "assignerOrgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5", "state": "PUBLISHED", "assignerShortName": "fedora", "dateReserved": "2025-02-12T13:29:39.336Z", "datePublished": "2025-02-24T19:44:06.228Z", "dateUpdated": "2025-02-24T20:12:14.116Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "moodle", "vendor": "Moodle Project", "versions": [{"lessThan": "4.5.2", "status": "affected", "version": "4.5.0", "versionType": "semver"}, {"lessThan": "4.4.6", "status": "affected", "version": "4.4.0", "versionType": "semver"}, {"lessThan": "4.3.10", "status": "affected", "version": "4.3.0", "versionType": "semver"}, {"lessThan": "4.1.16", "status": "affected", "version": "4.1.0", "versionType": "semver"}, {"lessThan": "4.2.*", "status": "unknown", "version": "4.2.0", "versionType": "semver"}, {"lessThan": "4.0.*", "status": "unknown", "version": "0", "versionType": "semver"}]}], "datePublic": "2025-02-18T05:38:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Tags not expected to be visible to a user could still be discovered by them via the tag search page or in the tags block."}], "value": "Tags not expected to be visible to a user could still be discovered by them via the tag search page or in the tags block."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-1230", "description": "CWE-1230 Exposure of Sensitive Information Through Metadata", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5", "shortName": "fedora", "dateUpdated": "2025-02-24T20:12:14.116Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://moodle.org/mod/forum/discuss.php?d=466143"}, {"tags": ["patch"], "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-83941"}], "source": {"discovery": "UNKNOWN"}, "title": "Non-searchable tags can still be discovered on the tag search page and in the tags block", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-02-24T19:57:30.268527Z", "id": "CVE-2025-26527", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-24T19:58:10.505Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-26527", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-02-24T19:57:30.268527Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-24T19:57:36.148Z"}}], "cna": {"title": "Non-searchable tags can still be discovered on the tag search page and in the tags block", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Moodle Project", "product": "moodle", "versions": [{"status": "affected", "version": "4.5.0", "lessThan": "4.5.2", "versionType": "semver"}, {"status": "affected", "version": "4.4.0", "lessThan": "4.4.6", "versionType": "semver"}, {"status": "affected", "version": "4.3.0", "lessThan": "4.3.10", "versionType": "semver"}, {"status": "affected", "version": "4.1.0", "lessThan": "4.1.16", "versionType": "semver"}, {"status": "unknown", "version": "4.2.0", "lessThan": "4.2.*", "versionType": "semver"}, {"status": "unknown", "version": "0", "lessThan": "4.0.*", "versionType": "semver"}], "defaultStatus": "unaffected"}], "datePublic": "2025-02-18T05:38:00.000Z", "references": [{"url": "https://moodle.org/mod/forum/discuss.php?d=466143", "tags": ["vendor-advisory"]}, {"url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-83941", "tags": ["patch"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Tags not expected to be visible to a user could still be discovered by them via the tag search page or in the tags block.", "supportingMedia": [{"type": "text/html", "value": "Tags not expected to be visible to a user could still be discovered by them via the tag search page or in the tags block.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-1230", "description": "CWE-1230 Exposure of Sensitive Information Through Metadata"}]}], "providerMetadata": {"orgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5", "shortName": "fedora", "dateUpdated": "2025-02-24T20:12:14.116Z"}}}, "cveMetadata": {"cveId": "CVE-2025-26527", "state": "PUBLISHED", "dateUpdated": "2025-02-24T20:12:14.116Z", "dateReserved": "2025-02-12T13:29:39.336Z", "assignerOrgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5", "datePublished": "2025-02-24T19:44:06.228Z", "assignerShortName": "fedora"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*", "matchCriteriaId": "ABE6D6ED-55D3-46B4-84DC-7C3684E3260E", "versionEndExcluding": "4.1.16", "versionStartIncluding": "4.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*", "matchCriteriaId": "3DF83192-5999-4E1B-B109-A1B0F68437B2", "versionEndExcluding": "4.3.10", "versionStartIncluding": "4.3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*", "matchCriteriaId": "B91CC5BB-FFB9-4D09-9001-105A8B68208E", "versionEndExcluding": "4.4.6", "versionStartIncluding": "4.4.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*", "matchCriteriaId": "830F7FD6-3257-44A2-9599-2C5C2FF2BA20", "versionEndExcluding": "4.5.2", "versionStartIncluding": "4.5.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Tags not expected to be visible to a user could still be discovered by them via the tag search page or in the tags block."}, {"lang": "es", "value": " Las etiquetas que no se espera que sean visibles para un usuario a\u00fan podr\u00edan ser descubiertas por \u00e9ste a trav\u00e9s de la p\u00e1gina de b\u00fasqueda de etiquetas o en el bloque de etiquetas."}], "id": "CVE-2025-26527", "lastModified": "2025-08-08T19:40:08.470", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "patrick@puiterwijk.org", "type": "Secondary"}]}, "published": "2025-02-24T20:15:33.403", "references": [{"source": "patrick@puiterwijk.org", "tags": ["Patch"], "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-83941"}, {"source": "patrick@puiterwijk.org", "tags": ["Vendor Advisory"], "url": "https://moodle.org/mod/forum/discuss.php?d=466143"}], "sourceIdentifier": "patrick@puiterwijk.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-1230"}], "source": "patrick@puiterwijk.org", "type": "Secondary"}]}