CVE-2025-26527: Moodle's non-searchable tags can still be discovered on the tag search page and in the tags block

February 24, 2025

Tags not expected to be visible to a user could still be discovered by them via the tag search page or in the tags block.

References

github.com/advisories/GHSA-5r85-6h7f-rg3r
github.com/moodle/moodle
moodle.org/mod/forum/discuss.php?d=466143
nvd.nist.gov/vuln/detail/CVE-2025-26527

Detect and mitigate CVE-2025-26527 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →