FERRAMENTAS LINUX: Critical Security Update: Fedora 41 Addresses Moodle SSRF & IDOR Vulnerabilities (CVE-2025-49513 to CVE-2025-49518)

domingo, 29 de junho de 2025

Critical Security Update: Fedora 41 Addresses Moodle SSRF & IDOR Vulnerabilities (CVE-2025-49513 to CVE-2025-49518)

 

Fedora

Fedora 41 releases a critical Moodle security patch (FEDORA-2025-622bed7e7a) fixing SSRF, IDOR, and password leaks (CVE-2025-49513 to CVE-2025-49518). Learn how to secure your LMS now!


Overview of the Fedora 41 Moodle Security Advisory (FEDORA-2025-622bed7e7a)

Fedora 41 has released a critical security update for Moodle, the widely used open-source Learning Management System (LMS). This patch addresses multiple high-risk vulnerabilities, including:

  • Server-Side Request Forgery (SSRF) via DNS rebinding

  • Insecure Direct Object Reference (IDOR) exposing user course data

  • Password leakage due to improper caching

  • CSRF flaws in badge management

Why is this update crucial?
Moodle powers millions of e-learning platforms worldwide, making it a prime target for cyberattacks. Failure to apply this patch could lead to unauthorized data access, credential theft, and server compromise.

Detailed Vulnerability Breakdown

1. CVE-2025-49518 – IDOR Exposes User Course Data

  • Risk: Attackers can retrieve recently accessed courses of other users via web service APIs.

  • Impact: Violates user privacy and compliance (e.g., GDPR, FERPA).

  • Fix: Moodle 4.4.9 enforces strict access controls.

2. CVE-2025-49513 – Password Leak via Caching Flaw

  • Risk: Login pages cache credentials after logout, risking exposure.

  • Impact: Credential theft leading to account takeovers.

  • Fix: Patched caching mechanisms prevent residual data leaks.

3. CVE-2025-49514 – SSRF via DNS Rebinding

  • Risk: Attackers manipulate DNS to bypass security, accessing internal networks.

  • Impact: Potential internal system compromise.

  • Fix: Enhanced request validation blocks malicious DNS rebinding.

Additional Fixes in Moodle 4.4.9

  • CVE-2025-49515: Inconsistent course visibility checks

  • CVE-2025-49516: CSRF in badge management

  • CVE-2025-49517: Missing auth checks in BigBlueButton

How to Apply the Fedora 41 Update

To secure your system, run:

bash
sudo dnf upgrade --advisory FEDORA-2025-622bed7e7a

For detailed instructions, refer to the official DNF documentation.

FAQ: Fedora 41 Moodle Security Update

Q: Is this update mandatory?

A: Yes—unpatched Moodle instances are vulnerable to data breaches and server exploits.

Q: Does this affect other Linux distros?

A: Yes, but Fedora 41 is among the first to release fixes. Check your distro’s advisories.

Q: How do I verify the update was applied?

A: Run:

bash
rpm -q moodle --changelog | grep CVE-2025-49518


Cezar Henrique at
Marcadores: Linux, Android, Segurança , , , ,

Nenhum comentário:

Postar um comentário

Assinar: Postar comentários (Atom)