CVE-2025-62398: 
PHP vulnerability analysis and mitigation

A serious authentication vulnerability (CVE-2025-62398) was discovered in Moodle, affecting versions 5.0 to 5.0.2, 4.5 to 4.5.6, and 4.4 to 4.4.10. The vulnerability was disclosed on October 23, 2025, and involves a flaw in the multi-factor authentication (MFA) system that allows attackers with valid credentials to bypass the second authentication factor (Redhat Bugzilla).

The vulnerability is classified as CWE-287 (Improper Authentication) and received a CVSS 3.1 base score of 5.4 (MEDIUM) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N. The technical issue stems from certain login endpoints that were improperly validated for MFA enforcement, creating a security gap in the authentication process (NVD).

The vulnerability potentially compromises user accounts by allowing unauthorized access to systems protected by MFA. When exploited, attackers who have obtained valid username and password combinations can gain access to accounts without completing the required second-factor authentication step (Redhat Bugzilla).

Fixed versions have been released to address this vulnerability: Moodle versions 5.0.3, 4.5.7, and 4.4.11. Organizations using affected versions should upgrade to these patched versions to mitigate the risk (Redhat Bugzilla).