Files or Directories Accessible to External Parties Affecting moodle/moodle package, versions <4.1.16>=4.3.0-beta, <4.3.10>=4.4.0-beta, <4.4.6>=4.5.0-beta, <4.5.2
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk IDSNYK-PHP-MOODLEMOODLE-8746259
- published25 Feb 2025
- disclosed24 Feb 2025
- creditvicevirus
Introduced: 24 Feb 2025
NewCVE-2025-26525 (opens in a new tab)Common Vulnerabilities and Exposures (CVE) are common identifiers for publicly known security vulnerabilities
Common Weakness Enumeration (CWE) is a category system for software weaknesses
How to fix?
Upgrade moodle/moodle to version 4.1.16, 4.3.10, 4.4.6, 4.5.2 or higher.
Overview
moodle/moodle is a learning platform.
Affected versions of this package are vulnerable to Files or Directories Accessible to External Parties due to insufficient sanitizing in the TeX notation filter.
Note: This is only exploitable on sites where pdfTeX is available