Nixpkgs security tracker

Login with GitHub

Details of issue NIXPKGS-2026-0040

NIXPKGS-2026-0040

published on

Permalink CVE-2025-62397

5.3 MEDIUM

CVSS version (CVSS): 3.1
Attack Vector (AV): Network (N)
Attack Complexity (AC): Low (L)
Privileges Required (PR): None (N)
User Interaction (UI): None (N)
Scope (S): Unchanged (U)
Confidentiality (C): Low (L)
Integrity (I): None (N)
Availability (A): None (N)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): Low (L)
Modified Privileges Required (MPR): None (N)
Modified User Interaction (MUI): None (N)
Modified Confidentiality (MC): Low (L)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): None (N)
Modified Availability (MA): None (N)

updated 4 months, 1 week ago by @LeSuisse Activity log

Created suggestion 6 months ago
@LeSuisse ignored package moodle-dl 4 months, 1 week ago
@LeSuisse deleted
2 maintainers
- @kmein
- @freezeboy
4 months, 1 week ago maintainer.delete
@LeSuisse accepted 4 months, 1 week ago
@LeSuisse published on GitHub 4 months, 1 week ago

Moodle: router produces json instead of 404 error for invalid course id

The router’s inconsistent response to invalid course IDs allowed attackers to infer which course IDs exist, potentially aiding reconnaissance.

References

https://access.redhat.com/security/cve/CVE-2025-62397 vdb-entryx_refsource_REDHAT
RHBZ#2404430 issue-trackingx_refsource_REDHAT

Affected products

moodle

<5.0.3

Matching in nixpkgs

pkgs.moodle

Free and open-source learning management system (LMS) written in PHP

nixos-unstable 5.0.2
- nixpkgs-unstable 5.0.2
- nixos-unstable-small 5.0.2

Ignored packages (1)

pkgs.moodle-dl

Moodle downloader that downloads course content fast from Moodle

nixos-unstable 2.3.13
- nixpkgs-unstable 2.3.13
- nixos-unstable-small 2.3.13

Package maintainers

Ignored maintainers (1)

@freezeboy freezeboy