{ "affected": [ { "ranges": [ { "database_specific": { "versions": [ { "introduced": "0" }, { "fixed": "4.1.18" }, { "introduced": "4.3.0" }, { "fixed": "4.3.12" }, { "introduced": "4.4.0" }, { "fixed": "4.4.8" }, { "introduced": "4.5.0" }, { "fixed": "4.5.4" } ] }, "events": [ { "introduced": "0" }, { "fixed": "2a900d6ed9af75abcdd82f1dbae37d8b06c37bf7" }, { "introduced": "fe7aff8093240cc373f1ddaa66ecb91c4bc0a09f" }, { "fixed": "73fc31dabf4feb33ef02167bd98063a3ceef89bb" }, { "introduced": "ee91c6536f99e1633e2245780c4fe7f47340ed66" }, { "fixed": "f22eed6b67af8d0c25732d549680482e1867cd34" }, { "introduced": "52c0da7c647bd6ba8c5f61882d88959821a1fb41" }, { "fixed": "8f0c7bb53cd3ead755e941183e6d3bd0ac717a19" } ], "repo": "https://github.com/moodle/moodle", "type": "GIT" } ] } ], "details": "A flaw was found in Moodle. The analysis request action in the Brickfield tool did not include the necessary token to prevent a Cross-site request forgery (CSRF) risk.", "id": "CVE-2025-3638", "modified": "2026-03-13T21:53:12.980006748Z", "published": "2025-04-25T15:15:37.640Z", "references": [ { "type": "ADVISORY", "url": "https://access.redhat.com/security/cve/CVE-2025-3638" }, { "type": "ADVISORY", "url": "https://moodle.org/mod/forum/discuss.php?d=467600" }, { "type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359732" } ], "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "type": "CVSS_V3" } ] }