CVE-2025-3643: 
PHP vulnerability analysis and mitigation

A cross-site scripting (XSS) vulnerability was discovered in Moodle's policy tool, identified as CVE-2025-3643. The vulnerability affects Moodle versions 4.5 to 4.5.3, 4.4 to 4.4.7, 4.3 to 4.3.11, 4.1 to 4.1.17, and earlier unsupported versions. The issue stems from insufficient sanitization of the return URL in the policy tool, which could lead to reflected XSS attacks (Wiz Report).

The vulnerability is classified as CWE-79 (Improper Neutralization of Input During Web Page Generation), commonly known as Cross-site Scripting. The CVSS v3.1 base score is 5.4 (Medium), with the following vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N. This indicates that the vulnerability requires network access, low attack complexity, low privileges, and user interaction, with potential impact on confidentiality and integrity (NVD).

The vulnerability allows for reflected cross-site scripting attacks through the policy tool's return URL functionality. If successfully exploited, an attacker could potentially inject malicious scripts that execute in users' browsers, leading to potential theft of session tokens or other sensitive information (Wiz Report).

Moodle has released fixed versions to address this vulnerability: 4.5.4, 4.4.8, 4.3.12, and 4.1.18. Users are advised to upgrade to these patched versions to mitigate the risk (Red Hat Bugzilla).