CVE-2025-26525
Published: 24 February 2025
Description
Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data prior to Exfiltration.
Security Summary
CVE-2025-26525 is a vulnerability in Moodle's TeX notation filter caused by insufficient sanitizing, resulting in an arbitrary file read risk on sites where pdfTeX is available, such as those with TeX Live installed. The issue affects Moodle deployments that have the TeX filter enabled alongside a compatible TeX environment.
An unauthenticated network attacker can exploit this vulnerability with low attack complexity and no user interaction required, as reflected in its CVSS 3.1 score of 8.6 (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N). Successful exploitation enables high-impact confidentiality violations through arbitrary file reads, mapped to CWE-552 (Files or Directories Accessible to External Parties).
Mitigation details are documented in Moodle's resources, including a git commit search for MDL-84136 at https://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-84136 and a related forum discussion at https://moodle.org/mod/forum/discuss.php?d=466141. The CVE was published on 2025-02-24T20:15:33.103.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Vulnerability in public-facing Moodle web app enables exploitation via T1190; arbitrary file read directly facilitates T1005 for collecting data from local system.