Moodle Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2025-3640)
Description
A flaw was found in Moodle. Insufficient capability checks made it possible for a user enrolled in a course to access some details, such as the full name and profile image URL, of other users they did not have permission to access.