CVE-2025-3645 is an authorization vulnerability discovered in Moodle, a widely used open-source learning management system. The flaw arises from insufficient capability checks within a messaging web service component, which fails to properly restrict access to user information. Specifically, authenticated users with low-level privileges can query the service to retrieve other users' names and their online statuses, information that should normally be protected. The vulnerability affects Moodle versions 4.1.0, 4.3.0, 4.4.0, and 4.5.0. The CVSS 3.1 base score is 4.3, reflecting a medium severity level. The attack vector is network-based (AV:N), requiring low attack complexity (AC:L) and low privileges (PR:L), with no user interaction (UI:N) needed. The scope remains unchanged (S:U), and the impact is limited to confidentiality (C:L) with no integrity (I:N) or availability (A:N) impact. There are no known exploits in the wild at this time. The vulnerability could be leveraged by malicious insiders or compromised accounts to gather user presence data, potentially aiding in social engineering or further targeted attacks. The lack of proper authorization checks indicates a design or implementation oversight in the messaging service's access control mechanisms. No official patches or mitigation links were provided in the source information, suggesting that organizations should monitor Moodle advisories for updates or consider temporary access restrictions to the messaging service.

The primary impact of CVE-2025-3645 is unauthorized disclosure of user identity and presence information within Moodle environments. While this does not directly compromise data integrity or system availability, it undermines user privacy and can facilitate reconnaissance activities by attackers. Exposure of online status and user names can enable social engineering, phishing, or targeted attacks against educators, students, and administrators. In large educational institutions or organizations relying heavily on Moodle for communication, this could lead to increased risk of account compromise or insider threats. The vulnerability's requirement for authenticated access limits exploitation to users with some level of system access, but given the low privilege needed, even standard users could abuse it. The absence of known exploits reduces immediate risk, but the vulnerability remains a concern for privacy and information security compliance, especially in regions with strict data protection regulations.

Organizations should apply official Moodle patches as soon as they become available to address CVE-2025-3645. In the interim, administrators can restrict access to the vulnerable messaging web service by implementing network-level controls such as firewall rules or web application firewall (WAF) policies that limit access to trusted users only. Reviewing and tightening user role permissions to ensure that only necessary users have messaging service access can reduce exposure. Monitoring logs for unusual access patterns to the messaging service may help detect exploitation attempts. Additionally, organizations should educate users about the risks of social engineering and encourage strong authentication practices. If possible, upgrading to Moodle versions beyond 4.5.0 where the vulnerability is fixed is recommended. Regular security assessments and penetration testing focused on authorization controls in web services can help identify similar issues proactively.