CVE-2025-60511: n/a

Severity: Medium
Published: Tue Oct 21 2025 (10/21/2025, 00:00:00 UTC)
Source: CVE Database V5

Description

Moodle OpenAI Chat Block plugin 3.0.1 (2025021700) suffers from an Insecure Direct Object Reference (IDOR) vulnerability due to insufficient validation of the blockId parameter in /blocks/openai_chat/api/completion.php. An authenticated student can impersonate another user's block (e.g., administrator) and send queries that are executed with that block's configuration. This can expose administrator-only Source of Truth entries, alter model behavior, and potentially misuse API resources.

AI-Powered Analysis

Last updated: 10/21/2025, 17:25:18 UTC

Technical Analysis

The vulnerability identified as CVE-2025-60511 affects the Moodle OpenAI Chat Block plugin version 3.0.1 (build 2025021700). It is an Insecure Direct Object Reference (IDOR) flaw caused by insufficient validation of the blockId parameter in the API endpoint /blocks/openai_chat/api/completion.php. The parameter identifies the chat block instance the user is interacting with, but because the access control checks on it are inadequate, an authenticated student can supply a blockId belonging to another user, including a privileged user such as an administrator. The attacker thereby impersonates that user's chat block context and gains unauthorized access to administrator-only Source of Truth entries, data that likely influences AI responses or contains sensitive configuration. The attacker can also alter the behavior of the AI model by sending queries under the administrator's configuration, potentially manipulating AI outputs or exhausting API usage quotas tied to privileged accounts. Exploitation requires authentication as a student but no further user interaction or social engineering. No public exploits have been reported yet, but the flaw presents a significant risk to the confidentiality and integrity of Moodle deployments using this plugin. The absence of a CVSS score indicates a newly published vulnerability with limited public analysis. The impact is compounded by the strategic role of Moodle in educational institutions and the sensitive nature of administrator-level data and AI model configurations.

Potential Impact

For European organizations, particularly educational institutions and universities that rely heavily on Moodle as a learning management system, this vulnerability poses a significant risk. Unauthorized access to administrator-only data can lead to exposure of sensitive educational content, internal configurations, or AI training data, undermining confidentiality. Manipulation of AI model behavior could degrade the quality of AI-assisted learning tools or introduce misinformation, impacting the integrity of educational services. Misuse of API resources under privileged accounts could lead to denial of service or increased operational costs. The breach of trust and potential data leakage could also have regulatory implications under GDPR, especially if personal data is involved. The impact is heightened in countries with widespread Moodle adoption and where AI integration in education is more advanced. Since exploitation requires authentication, the threat is primarily from insider attackers or compromised student accounts, but the consequences remain severe.

Mitigation Recommendations

To mitigate this vulnerability, Moodle administrators should immediately audit and update the OpenAI Chat Block plugin to a patched version once one is available. In the absence of a patch, implement strict server-side validation of the blockId parameter so that the referenced block instance is one the authenticated user is actually permitted to use before any request is processed. Enforce role-based access controls rigorously to prevent students from accessing administrator-level blocks. Monitor API usage logs for unusual patterns indicative of impersonation or resource abuse. Consider temporarily disabling the OpenAI Chat Block plugin if the risk is unacceptable and no patch is available. Educate users about the importance of account security to prevent credential compromise. Additionally, implement network-level controls to restrict API access and apply rate limiting to reduce the impact of potential misuse. Regularly review and update security policies around third-party plugins and AI integrations within Moodle environments.
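The server-side check described above, written out as an added example for this page. It is not the plugin's code and not a patch from its author; it shows how a per-block AJAX endpoint in a Moodle plugin can derive authorization from the block's own context instead of trusting the client-supplied blockId. It assumes standard Moodle core APIs (required_param, require_sesskey, context_block::instance, require_login, require_capability, block_instance). The capability name block/openai_chat:view, the message parameter and the JSON response shape are placeholders, not values taken from the plugin.

```php
<?php
// Added example: hardened request handler for a per-block AJAX endpoint such as
// blocks/openai_chat/api/completion.php. Not the plugin's own code.
//
// The IDOR pattern this replaces looks, schematically, like:
//     $blockid = required_param('blockId', PARAM_INT);
//     $config  = load_block_config($blockid);   // trusts the client-supplied id
// Nothing ties $blockid to the caller's permissions, so any logged-in student can
// name another user's block instance. Below, authorization comes from the block's
// context and Moodle's capability system, never from the request itself.

define('AJAX_SCRIPT', true);                        // Moodle emits JSON-friendly errors
require_once(__DIR__ . '/../../../config.php');     // bootstraps $DB, $USER, $PAGE, ...
require_once($CFG->dirroot . '/blocks/moodleblock.class.php');

/**
 * Resolve a block instance id to a loaded block object, but only after the caller
 * has proved they may use that specific block.
 *
 * @param int $blockid client-supplied instance id (already type-checked by required_param)
 * @return block_base the authorised block with its config loaded
 * @throws moodle_exception on any lookup or access failure
 */
function resolve_authorised_block(int $blockid): block_base {
    global $DB, $PAGE;

    // 1. The id must name a real block instance. The block context is the authority
    //    for "who may use this block"; an unknown id aborts with an exception.
    $context = context_block::instance($blockid, MUST_EXIST);

    // 2. Bind the request to the place the block actually lives. A block on a course
    //    page requires logging in to that course (enrolment rules apply); dashboard
    //    or site-level blocks have no course context, so plain require_login() is used.
    $coursecontext = $context->get_course_context(false);
    if ($coursecontext) {
        require_login($coursecontext->instanceid);
    } else {
        require_login();
    }
    $PAGE->set_context($context);

    // 3. Ask Moodle's RBAC layer, not the client, whether this user may use this
    //    block. The capability name is a placeholder: use the one the plugin defines.
    require_capability('block/openai_chat:view', $context);

    // 4. Refuse ids that point at another plugin's block, even if the caller could
    //    read it, so this endpoint only ever loads openai_chat configuration.
    $record = $DB->get_record('block_instances', ['id' => $blockid], '*', MUST_EXIST);
    if ($record->blockname !== 'openai_chat') {
        throw new moodle_exception('invalidrecord', 'error', '', 'block_instances');
    }

    // block_instance() unserialises configdata into ->config for us.
    $block = block_instance('openai_chat', $record);
    if ($block === false) {
        throw new moodle_exception('invalidrecord', 'error', '', 'block_instances');
    }
    return $block;
}

// --- request handling -------------------------------------------------------------
require_sesskey();                                  // CSRF token check for AJAX POSTs
$blockid = required_param('blockId', PARAM_INT);    // non-integer input is rejected here
$prompt  = required_param('message', PARAM_TEXT);   // parameter name is an assumption

$block  = resolve_authorised_block($blockid);
$config = $block->config;   // only THIS block's settings (and Source of Truth) reach the model call

// Downstream, the plugin would build its OpenAI request from $config and $prompt.
// Returning the resolved block and context ids also gives log reviewers a field to
// correlate when hunting for impersonation attempts.
header('Content-Type: application/json; charset=utf-8');
echo json_encode([
    'blockid'   => $blockid,
    'contextid' => $block->context->id,
    'userid'    => $USER->id,
    'hasconfig' => !empty($config),
]);
```

The decisive step is that every check is made against the context Moodle derives from the id (step 1 through 3), so a caller who can only use their own block receives a permission error for any other instance, regardless of what the request claims. Restricting the lookup to blockname openai_chat (step 4) keeps the endpoint from ever loading configuration of an unrelated block type.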

Technical Details

Data Version: 5.1
Assigner Short Name: mitre
Date Reserved: 2025-09-26T00:00:00.000Z
CVSS Version: null (no CVSS score assigned)
State: PUBLISHED

Threat ID: 68f7be6441ea2e78b8952f35

Added to database: 10/21/2025, 5:09:56 PM

Last enriched: 10/21/2025, 5:25:18 PM

Last updated: 10/21/2025, 8:00:35 PM