5.3

CVSS Score

3.1

Basic Information

CVE ID

CVE-2024-25981

GHSA ID

GHSA-jfrg-9hpq-9hvp

EPSS Score

0.36638%

CWE

CWE-284

Published

2/19/2024

Updated

1/23/2025

KEV Status

Technology

PHP

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2024-25981

CVE-2024-25981: Improper Access Control in moodle

Separate Groups mode restrictions were not honored when performing a forum export, which would export forum data for all groups. By default this only provided additional access to non-editing teachers.

(GitHub Advisory)

5.3

CVSS Score

3.1

Basic Information

CVE ID

CVE-2024-25981

GHSA ID

GHSA-jfrg-9hpq-9hvp

EPSS Score

0.36638%

CWE

CWE-284

Published

2/19/2024

Updated

1/23/2025

KEV Status

Technology

PHP

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
moodle/moodle	composer	>= 4.3.0, < 4.3.3	4.3.3
moodle/moodle	composer	>= 4.2.0, < 4.2.6	4.2.6
moodle/moodle	composer	< 4.1.9	4.1.9

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stemmed from three key issues: 1) The user search functions (core_enrol_external::search_users and course_enrolment_manager::search_users) used course-level group context instead of activity-specific context, 2) The discussion vault didn't filter by user's allowed groups, and 3) The export form didn't propagate activity context properly. The patch adds contextID parameters, switches to activity-specific group mode checks, and implements proper group filtering in discussion retrieval. These functions were directly modified in the security fix commit to add group mode enforcement at the activity level.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

S*p*r*t* *roups mo** r*stri*tions w*r* not *onor** w**n p*r*ormin* * *orum *xport, w*i** woul* *xport *orum **t* *or *ll *roups. *y ****ult t*is only provi*** ***ition*l ****ss to non-**itin* t*****rs.

Reasoning

T** vuln*r**ility st*mm** *rom t*r** k*y issu*s: *) T** us*r s**r** *un*tions (*or*_*nrol_*xt*rn*l::s**r**_us*rs *n* *ours*_*nrolm*nt_m*n***r::s**r**_us*rs) us** *ours*-l*v*l *roup *ont*xt inst*** o* **tivity-sp**i*i* *ont*xt, *) T** *is*ussion v*ult

5.3

Basic Information

Concerned about an active attack path?

CVE-2024-25981: Improper Access Control in moodle

5.3

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI