
CVE-2025-62393: Moodle course access permissions are not properly checked in course_output_fragment_course_overview

CVSS Score: 4.3 (CVSS v3.1)

Basic Information

EPSS Score: 0.03998%
Published: 10/23/2025
Updated: 10/24/2025
KEV Status: No
Technology: PHP

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Package Name    Ecosystem   Vulnerable Versions       First Patched Version
moodle/moodle   composer    >= 5.0.0-beta, < 5.0.3    5.0.3

Vulnerability Intelligence

Miggo AI Root Cause Analysis

The analysis of the provided security patch (commit fc69b4744ba0132cc3093fd81940be15bc293835) clearly indicates a vulnerability within the course_output_fragment_course_overview function in the file public/course/lib.php. The vulnerability is a classic case of improper access control. The original code called the can_access_course function, which is intended to check if a user has the rights to view a course. However, the code did not check the boolean value returned by this function. As a result, the function would proceed to load and display course information regardless of the user's permissions. The patch rectifies this by wrapping the can_access_course call in a conditional that throws a require_login_exception if the check fails, thus properly enforcing access control. Therefore, the course_output_fragment_course_overview function is the vulnerable function that would appear in a runtime profile when this vulnerability is triggered.

Vulnerable functions

course_output_fragment_course_overview
public/course/lib.php
The vulnerability lies in the `course_output_fragment_course_overview` function where the `can_access_course` function was called, but its return value was not checked. This means that access control was not enforced, allowing users to view course information without the necessary permissions. The patch fixes this by checking the return value of `can_access_course` and throwing an exception if the user does not have access.
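The pattern described above, as an added illustration rather than Moodle's code or the CVE patch: the same access check once with its boolean result discarded and once enforced. The names `can_access_course` and `require_login_exception` are the ones the advisory cites; their bodies here are simplified stand-ins (assumed, not Moodle's implementation) so the file runs stand-alone.

```php
<?php
// Added example (not Moodle's code and not the CVE patch): the same access check,
// first with its result discarded, then with it enforced. can_access_course()
// and require_login_exception are the names the advisory cites; the bodies here
// are simplified stand-ins so the file runs on its own.

class require_login_exception extends Exception {}

// Stand-in for Moodle's can_access_course(): true only for enrolled users.
// (Assumed simplification; the real function also weighs capabilities and
// guest access.)
function can_access_course(array $course, array $user): bool {
    return in_array($user['id'], $course['enrolled'], true);
}

// Stand-in for the data loading that runs after the check.
function load_course_overview(array $course): array {
    return [
        'id'       => $course['id'],
        'fullname' => $course['fullname'],
        'summary'  => $course['summary'],
    ];
}

// Vulnerable pattern: the check runs, but nothing consumes its boolean, so
// execution always reaches the privileged path.
function course_overview_unchecked(array $course, array $user): array {
    can_access_course($course, $user);   // result ignored
    return load_course_overview($course);
}

// Fixed pattern: a false result throws before any course data is loaded.
function course_overview_checked(array $course, array $user): array {
    if (!can_access_course($course, $user)) {
        throw new require_login_exception('User is not permitted to view this course');
    }
    return load_course_overview($course);
}

// Constructed sample data.
$course   = ['id' => 42, 'fullname' => 'Sample Course', 'summary' => 'Restricted summary', 'enrolled' => [7]];
$enrolled = ['id' => 7];
$outsider = ['id' => 99];

// Enrolled user: both variants return the overview.
printf("unchecked/enrolled: %s\n", course_overview_unchecked($course, $enrolled)['fullname']);
printf("checked/enrolled:   %s\n", course_overview_checked($course, $enrolled)['fullname']);

// Outsider: the unchecked variant still returns the data (the leak); the
// checked variant throws.
printf("unchecked/outsider: %s  <-- leaked\n", course_overview_unchecked($course, $outsider)['summary']);
try {
    course_overview_checked($course, $outsider);
    echo "checked/outsider:   FAIL, exception expected\n";
} catch (require_login_exception $e) {
    echo "checked/outsider:   denied ({$e->getMessage()})\n";
}
```

Run it with `php example.php`. The review point this class of bug turns on is that a permission function returning `bool` is only a check when a caller branches on it; a statement that calls such a function and drops the result is worth flagging in code review or with a static-analysis rule for unused return values.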

WAF Protection Rules

WAF Rule

A flaw was found in the course overview output function where user access permissions were not fully enforced. This could allow unauthorized users to view information about courses they should not have access to, potentially exposing limited course
