ByteOS Network

NVD Vulnerability Details :

CVE-2025-26525

Analyzed

Source-patrick@puiterwijk.org

Published At-24 Feb, 2025 | 20:15

Updated At-08 Aug, 2025 | 19:41

Insufficient sanitizing in the TeX notation filter resulted in an arbitrary file read risk on sites where pdfTeX is available (such as those with TeX Live installed).

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	8.6	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Type: Secondary

Version: 3.1

Base score: 8.6

Base severity: HIGH

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

CPE Matches

Moodle Pty Ltd

>>moodle>>Versions from 4.1.0(inclusive) to 4.1.16(exclusive)

cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*

Moodle Pty Ltd

>>moodle>>Versions from 4.3.0(inclusive) to 4.3.10(exclusive)

cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*

Moodle Pty Ltd

>>moodle>>Versions from 4.4.0(inclusive) to 4.4.6(exclusive)

cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*

Moodle Pty Ltd

>>moodle>>Versions from 4.5.0(inclusive) to 4.5.2(exclusive)

cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-552	Secondary	patrick@puiterwijk.org

CWE ID: CWE-552

Type: Secondary

Source: patrick@puiterwijk.org

References

Hyperlink	Source	Resource
https://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-84136	patrick@puiterwijk.org	Patch
https://moodle.org/mod/forum/discuss.php?d=466141	patrick@puiterwijk.org	Vendor Advisory

Hyperlink: https://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-84136

Source: patrick@puiterwijk.org

Resource:

Patch

Hyperlink: https://moodle.org/mod/forum/discuss.php?d=466141

Source: patrick@puiterwijk.org

Resource:

Vendor Advisory

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History