CVE-2025-3642: 
PHP vulnerability analysis and mitigation

A remote code execution vulnerability (CVE-2025-3642) was identified in the Moodle Learning Management System's EQUELLA repository. The vulnerability was discovered and disclosed on April 15, 2025, affecting Moodle versions 4.5 to 4.5.3, 4.4 to 4.4.7, 4.3 to 4.3.11, 4.1 to 4.1.17, and earlier unsupported versions. By default, this vulnerability was only accessible to users with teacher and manager roles on sites with the EQUELLA repository enabled (Wiz, NVD).

The vulnerability has been assigned a CVSS v3.1 Base Score of 8.8 (HIGH) with the following vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. The vulnerability is classified under CWE-94 (Improper Control of Generation of Code - 'Code Injection'). The issue specifically affects the EQUELLA repository component of Moodle LMS, requiring authenticated access with teacher or manager privileges (Wiz).

If exploited, this vulnerability could allow authenticated users with teacher or manager roles to execute arbitrary code on the affected system through the EQUELLA repository component. This could lead to complete compromise of the vulnerable system, potentially affecting the confidentiality, integrity, and availability of the Moodle installation (Wiz).

The vulnerability has been fixed in Moodle versions 4.5.4, 4.4.8, 4.3.12, and 4.1.18. Organizations running affected versions should upgrade to the corresponding fixed version immediately (Bugzilla).