CVE-2025-3641: 
PHP vulnerability analysis and mitigation

A remote code execution vulnerability (CVE-2025-3641) was identified in the Moodle Learning Management System's Dropbox repository feature. The vulnerability was discovered on April 15, 2025, and affects Moodle versions 4.5 to 4.5.3, 4.4 to 4.4.7, 4.3 to 4.3.11, 4.1 to 4.1.17, and earlier unsupported versions (Wiz Security, NVD).

The vulnerability exists in the Dropbox repository component of Moodle LMS. It has been assigned a CVSS v3.1 base score of 8.8 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. The vulnerability is classified as CWE-94 (Improper Control of Generation of Code - Code Injection) (NVD).

The vulnerability could allow authenticated users with teacher or manager roles to execute arbitrary code on systems where the Dropbox repository is enabled. This could potentially lead to unauthorized access to sensitive data, system compromise, or service disruption (Red Hat Bugzilla).

The vulnerability has been fixed in Moodle versions 4.5.4, 4.4.8, 4.3.12, and 4.1.18. System administrators are advised to upgrade to these patched versions to protect against potential exploitation (Red Hat Bugzilla).