CVE-2025-26525:
Moodle has an arbitrary file read risk through pdfTeX

CVSS Score: 8.6 (CVSS 3.1)

Basic Information

EPSS Score: 0.18561%
Published: 2/24/2025
Updated: 2/24/2025
KEV Status: No
Technology: PHP

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
| moodle/moodle | composer | >= 4.5.0-beta, < 4.5.2 | 4.5.2 |
| moodle/moodle | composer | >= 4.4.0-beta, < 4.4.6 | 4.4.6 |
| moodle/moodle | composer | >= 4.3.0-beta, < 4.3.10 | 4.3.10 |
| moodle/moodle | composer | < 4.1.16 | 4.1.16 |

Vulnerability Intelligence
Miggo AI Root Cause Analysis

The vulnerability stems from insufficient sanitization in the TeX notation filter. The commit reference MDL-84136 and patch context mention improvements to 'filter_tex' sanitization. Moodle's TeX filter (filter_tex::filter in filter/tex/filter.php) handles user-provided TeX content and passes it to pdfTeX. Prior to patching, it likely failed to properly sanitize commands that enable arbitrary file inclusion (e.g., \input{/etc/passwd}). This matches the CWE-552 pattern of exposing files via external command execution. The confidence is high due to the direct correlation between the vulnerability description, CWE type, and the filter_tex component explicitly mentioned in the commit reference.
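
For sites triaging content that was stored before upgrading, the following added example (not Moodle's or Miggo's code) flags TeX spans containing file-reading or command-rewriting control sequences. The delimiter set, the control-sequence lists, and the sample rows are assumptions constructed for illustration.

```python
import re

# Assumed delimiters for TeX spans in stored content:
# $$..$$, \[..\], \(..\) and [tex]..[/tex]
TEX_SPANS = re.compile(
    r"\$\$(.+?)\$\$|\\\[(.+?)\\\]|\\\((.+?)\\\)|\[tex\](.+?)\[/tex\]",
    re.DOTALL | re.IGNORECASE,
)
CONTROL_SEQ = re.compile(r"\\([A-Za-z@]+)")

# Control sequences that read files from disk (assumed review list).
FILE_ACCESS = {"input", "include", "openin", "read", "readline",
               "verbatiminput", "lstinputlisting"}
# Control sequences that can rebuild or rename commands, so a name-based
# filter cannot be trusted once they appear in a formula.
REWRITING = {"catcode", "csname", "def", "let"}


def risky_tex(text):
    """Return the sorted risky constructs found inside TeX-delimited spans."""
    found = set()
    for match in TEX_SPANS.finditer(text):
        body = next(g for g in match.groups() if g is not None)
        names = set(CONTROL_SEQ.findall(body))
        found |= {"\\" + n for n in names & (FILE_ACCESS | REWRITING)}
        if "^^" in body:  # TeX character-code notation; unusual in formulas
            found.add("^^")
    return sorted(found)


def triage(rows):
    """Map row id -> findings for every row that has at least one finding."""
    return {rid: hits for rid, text in rows if (hits := risky_tex(text))}


# Constructed sample rows (id, stored text); not taken from a real site.
SAMPLE = [
    ("post-1", "Euler: $$ e^{i\\pi} + 1 = 0 $$"),
    ("post-2", "$$ \\input{/etc/passwd} $$"),
    ("post-3", "See \\input in the TeX manual"),  # no delimiters: never rendered
    ("post-4", "[tex]\\csname x\\endcsname[/tex]"),
]

if __name__ == "__main__":
    for rid, hits in triage(SAMPLE).items():
        print(rid, hits)
```

Hits are items to review, not proof of compromise; the remediation listed on this page is upgrading to a first patched version.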

WAF Protection Rules

WAF Rule

Insufficient sanitizing in the TeX notation filter resulted in an arbitrary file read risk on sites where pdfTeX is available (such as those with TeX Live installed).