What is the severity of GHSA-6g5x-h5x7-q4mq?

GHSA-6g5x-h5x7-q4mq is classified as a medium severity vulnerability due to insufficient capability checks.

How do I fix GHSA-6g5x-h5x7-q4mq?

To fix GHSA-6g5x-h5x7-q4mq, upgrade to Moodle version 4.5.4, 4.4.8, 4.3.12, or 4.1.18.

Who is affected by GHSA-6g5x-h5x7-q4mq?

Users of Moodle versions between 4.5.0-beta and 4.5.4, 4.4.0-beta and 4.4.8, 4.3.0-beta and 4.3.12, and all versions up to 4.1.18 are affected.

What kind of information can be accessed due to GHSA-6g5x-h5x7-q4mq?

The vulnerability allows unauthorized users to access other users' full names and profile image URLs.

Is my data safe from GHSA-6g5x-h5x7-q4mq if I am using the latest Moodle version?

If you are using a Moodle version later than 4.5.4, 4.4.8, or 4.3.12, your data is safe from this vulnerability.

Vulnerability/
GHSA-6g5x-h5x7-q4mq

medium

4.3

CWE

639

25/4/2025

GHSA-6g5x-h5x7-q4mq

First published: Fri Apr 25 2025(Updated: )

A flaw was found in Moodle. Insufficient capability checks made it possible for a user enrolled in a course to access some details, such as the full name and profile image URL, of other users they did not have permission to access.

Affected Software	Affected Version	How to fix
composer/moodle/moodle	>=4.5.0-beta<4.5.4	4.5.4
composer/moodle/moodle	>=4.4.0-beta<4.4.8	4.4.8
composer/moodle/moodle	>=4.3.0-beta<4.3.12	4.3.12
composer/moodle/moodle	<4.1.18	4.1.18

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of GHSA-6g5x-h5x7-q4mq?
GHSA-6g5x-h5x7-q4mq is classified as a medium severity vulnerability due to insufficient capability checks.
How do I fix GHSA-6g5x-h5x7-q4mq?
To fix GHSA-6g5x-h5x7-q4mq, upgrade to Moodle version 4.5.4, 4.4.8, 4.3.12, or 4.1.18.
Who is affected by GHSA-6g5x-h5x7-q4mq?
Users of Moodle versions between 4.5.0-beta and 4.5.4, 4.4.0-beta and 4.4.8, 4.3.0-beta and 4.3.12, and all versions up to 4.1.18 are affected.
What kind of information can be accessed due to GHSA-6g5x-h5x7-q4mq?
The vulnerability allows unauthorized users to access other users' full names and profile image URLs.
Is my data safe from GHSA-6g5x-h5x7-q4mq if I am using the latest Moodle version?
If you are using a Moodle version later than 4.5.4, 4.4.8, or 4.3.12, your data is safe from this vulnerability.

collector/github-advisory-latest
source/GitHub
alias/GHSA-6g5x-h5x7-q4mq
alias/CVE-2025-3640
agent/software-canonical-lookup
agent/references
agent/weakness
agent/source
agent/severity
agent/last-modified-date
agent/softwarecombine
agent/tags
agent/description
agent/first-publish-date
agent/type
agent/event
package-manager/composer

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.