CVE-2025-62400: Moodle exposed the names of hidden groups to users
(updated )
Moodle exposed the names of hidden groups to users who had permission to create calendar events but not to view hidden groups. This could reveal private or restricted group information.
References
- access.redhat.com/security/cve/CVE-2025-62400
- bugzilla.redhat.com/show_bug.cgi?id=2404433
- github.com/advisories/GHSA-422v-w6c5-vq42
- github.com/moodle/moodle
- github.com/moodle/moodle/commit/0c70d67059658879a71152ea075c74154a627d05
- moodle.org/mod/forum/discuss.php?d=470389
- nvd.nist.gov/vuln/detail/CVE-2025-62400
Code Behaviors & Features
Detect and mitigate CVE-2025-62400 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →