CVE-2025-32044 is a vulnerability identified in Moodle version 4.5.0, a widely used open-source learning management system. The flaw allows unauthenticated attackers to retrieve sensitive user information, including names, contact information, and hashed passwords, by exploiting stack traces returned from specific API calls. The root cause is the exposure of detailed exception stack traces that include sensitive data when PHP is configured with zend.exception_ignore_args set to 0 or unset in the php.ini file. This setting controls whether function arguments are included in exception stack traces. When set to 1, argument details are omitted, mitigating the vulnerability. The vulnerability does not require any authentication or user interaction, making it trivially exploitable remotely. The CVSS 3.1 score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) indicates a network attack vector with low complexity, no privileges or user interaction required, and a high impact on confidentiality. The vulnerability does not affect integrity or availability. No known exploits have been reported in the wild yet, but the exposure of hashed passwords and personal data poses a significant risk of further attacks such as credential cracking or targeted phishing. The vulnerability is specific to Moodle 4.5.0 and depends on PHP configuration, meaning some sites may not be vulnerable if zend.exception_ignore_args is properly set. No official patch links are currently provided, but configuration changes can mitigate the risk.

The primary impact of CVE-2025-32044 is the unauthorized disclosure of sensitive user information, including personally identifiable information (PII) and hashed passwords. This can lead to privacy violations, identity theft, and credential compromise if attackers crack the hashed passwords. Educational institutions and organizations relying on Moodle for user management may face reputational damage, regulatory penalties, and loss of user trust. The exposure of hashed passwords increases the risk of lateral attacks on other systems where users reuse credentials. Since the vulnerability requires no authentication or user interaction, it can be exploited at scale by automated scanning tools, increasing the likelihood of widespread data leakage. Although availability and integrity are not directly affected, the confidentiality breach alone is severe, especially given the sensitive nature of educational data. Organizations worldwide using Moodle 4.5.0 are at risk, particularly those with large user bases or sensitive user data. The lack of known exploits in the wild provides a window for proactive mitigation, but the vulnerability’s ease of exploitation demands urgent attention.

To mitigate CVE-2025-32044, organizations should immediately verify and update their PHP configuration by setting zend.exception_ignore_args=1 in the php.ini file to prevent sensitive argument data from appearing in stack traces. This configuration change is a critical and immediate defense. Additionally, organizations should monitor Moodle updates and apply any official patches or security releases addressing this vulnerability as soon as they become available. Restricting access to Moodle API endpoints through network-level controls such as firewalls or web application firewalls (WAFs) can reduce exposure. Implementing comprehensive logging and monitoring to detect unusual API access patterns may help identify exploitation attempts early. Organizations should also review and enforce strong password policies and consider multi-factor authentication to mitigate risks from compromised credentials. Regularly auditing Moodle configurations and updating to supported, patched versions will reduce future risks. Finally, educating administrators about secure PHP configurations and exception handling best practices is recommended to prevent similar issues.