CVE-2025-26525: Arbitrary file read risk through pdfTeX

8.6 CVSS

Description

Insufficient sanitizing in the TeX notation filter resulted in an
arbitrary file read risk on sites where pdfTeX is available (such as
those with TeX Live installed).

Classification

CVE ID: CVE-2025-26525

CVSS Base Severity: HIGH

CVSS Base Score: 8.6

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Problem Types

CWE-552 Files or Directories Accessible to External Parties

Affected Products

Vendor: Moodle Project

Product: moodle

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.05% (probability of being exploited)

EPSS Percentile: 10.65% (share of scored vulnerabilities with an EPSS score less than or equal to this one)

EPSS Date: 2025-03-25 (date this score was calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-26525
https://moodle.org/mod/forum/discuss.php?d=466141
https://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-84136

Timeline