| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 5.2 | $0-$5k | 0.00 |
Summary
A vulnerability described as problematic has been identified in Moodle. Affected by this issue is some unknown functionality of the component Forum Search. The manipulation results in improper handling of parameters. This vulnerability is reported as CVE-2024-25979. The attack can be launched remotely. No exploit exists. Upgrading the affected component is recommended.
Details
A vulnerability was found in Moodle (Learning Management Software). It has been classified as problematic. Affected is an unknown code block of the component Forum Search. The manipulation with an unknown input leads to a improper handling of parameters vulnerability. CWE is classifying the issue as CWE-233. The product does not properly handle when the expected number of parameters, fields, or arguments is not provided in input, or if those parameters are undefined. This is going to have an impact on confidentiality. CVE summarizes:
The URL parameters accepted by forum search were not limited to the allowed parameters.
The weakness was disclosed 02/19/2024. The advisory is shared for download at git.moodle.org. This vulnerability is traded as CVE-2024-25979 since 02/13/2024. There are neither technical details nor an exploit publicly available.
The vulnerability scanner Nessus provides a plugin with the ID 261497 (Linux Distros Unpatched Vulnerability : CVE-2024-25979), which helps to determine the existence of the flaw in a target environment.
Upgrading to version 4.3.3 or 4.1.9 eliminates this vulnerability. Applying a patch is able to eliminate this problem. The bugfix is ready for download at git.moodle.org. The best possible mitigation is suggested to be upgrading to the latest version.
The vulnerability is also documented in the vulnerability database at Tenable (261497). VulDB is the best source for vulnerability data and more expert information about this specific topic.
Product
Type
Name
License
Website
- Product: https://moodle.org/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 5.3VulDB Meta Temp Score: 5.2
VulDB Base Score: 5.3
VulDB Temp Score: 5.1
VulDB Vector: 🔍
VulDB Reliability: 🔍
NVD Base Score: 5.3
NVD Vector: 🔍
CNA Base Score: 5.3
CNA Vector (Fedora Project): 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
Exploiting
Class: Improper handling of parametersCWE: CWE-233 / CWE-229 / CWE-20
CAPEC: 🔍
ATT&CK: 🔍
Physical: No
Local: No
Remote: Yes
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Nessus ID: 261497
Nessus Name: Linux Distros Unpatched Vulnerability : CVE-2024-25979
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
0-Day Time: 🔍
Upgrade: Moodle 4.3.3/4.1.9
Patch: git.moodle.org
Timeline
02/13/2024 🔍02/19/2024 🔍
02/19/2024 🔍
09/06/2025 🔍
Sources
Product: moodle.orgAdvisory: FEDORA-2024-d2f180202f
Status: Confirmed
CVE: CVE-2024-25979 (🔍)
GCVE (CVE): GCVE-0-2024-25979
GCVE (VulDB): GCVE-100-254112
Entry
Created: 02/19/2024 18:04Updated: 09/06/2025 22:47
Changes: 02/19/2024 18:04 (47), 03/08/2024 11:45 (1), 03/08/2024 11:53 (1), 01/24/2025 05:10 (26), 09/06/2025 22:47 (2)
Complete: 🔍
Cache ID: 216::103
VulDB is the best source for vulnerability data and more expert information about this specific topic.
No comments yet. Languages: en.
Please log in to comment.