CVE-2025-62401

5.4 MEDIUM

📋 TL;DR

A vulnerability in Moodle's timed assignment feature allows students to bypass time restrictions, potentially gaining extra time to complete assessments. This affects Moodle instances with timed assignments enabled, impacting educational institutions and organizations using this learning management system.

💻 Affected Systems

Products:
  • Moodle
Versions: Specific affected versions not detailed in provided references; check Moodle security advisories
Operating Systems: All platforms running Moodle
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects instances with timed assignments feature enabled and in use

⚠️ Risk & Real-World Impact

🔴 Worst Case

Students could gain unlimited time for timed assessments, compromising academic integrity and potentially affecting grading fairness across entire courses.

🟠 Likely Case

Some students discover and exploit the bypass to gain modest time extensions, creating unfair advantages in timed exams or assignments.

🟢 If Mitigated

With proper monitoring and access controls, impact is limited to isolated incidents that can be detected and addressed.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires student-level access to Moodle and knowledge of the bypass method

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Moodle security releases for CVE-2025-62401

Vendor Advisory: https://moodle.org/security/

Restart Required: No

Instructions:

1. Check current Moodle version.
2. Apply Moodle security update addressing CVE-2025-62401.
3. Verify timed assignment functionality works correctly post-update.

🔧 Temporary Workarounds

Disable timed assignments temporarily (platforms: all)

Temporarily disable the timed assignment feature until patched:

Navigate to Moodle admin panel > Assignment settings > Disable timed restrictions

Enhanced monitoring of assignment submissions (platforms: all)

Monitor assignment submission times for anomalies:

Review Moodle logs for assignment submission timing patterns

🧯 If You Can't Patch

  • Implement manual time tracking for critical assessments
  • Use alternative assessment methods without time restrictions

🔍 How to Verify

Check if Vulnerable:

Test if students can submit assignments after the configured time limit has expired

Check Version:

Check Moodle version in Site administration > Notifications

Verify Fix Applied:

Verify that timed assignments properly enforce time restrictions after update

📡 Detection & Monitoring

Log Indicators:

  • Assignment submissions significantly after time limit
  • Multiple submission attempts after time expiration

Network Indicators:

  • Unusual timing patterns in assessment submissions

SIEM Query:

Search for assignment submission events where submission_time > assignment_end_time + grace_period
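
The log indicators and the SIEM rule above, written out as an added Python example (not Moodle code and not a real Moodle log format). It assumes submission events have been exported into records with the hypothetical fields `user`, `assignment`, `end` (the moment that student's timer expires) and `submitted`; the grace period value is also an assumption.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Assumption: tolerance for clock skew and upload time; tune per site.
GRACE_PERIOD = timedelta(minutes=2)

# Constructed sample events. "end" is per student, because a timed
# assignment's deadline depends on when that student started the attempt.
EVENTS = [
    {"user": "s101", "assignment": 7, "end": "2025-10-20T10:00:00", "submitted": "2025-10-20T09:58:10"},
    {"user": "s102", "assignment": 7, "end": "2025-10-20T10:00:00", "submitted": "2025-10-20T10:01:30"},
    {"user": "s103", "assignment": 7, "end": "2025-10-20T10:00:00", "submitted": "2025-10-20T10:25:00"},
    {"user": "s103", "assignment": 7, "end": "2025-10-20T10:00:00", "submitted": "2025-10-20T10:40:00"},
    {"user": "s104", "assignment": 9, "end": "2025-10-20T14:30:00", "submitted": "2025-10-20T14:32:00"},
    {"user": "s105", "assignment": 9, "end": "2025-10-20T14:30:00", "submitted": "2025-10-20T14:32:01"},
]


def find_late_submissions(events, grace=GRACE_PERIOD):
    """Return one finding per (user, assignment) that has at least one
    submission with submission_time > assignment_end_time + grace_period."""
    late = defaultdict(list)
    for ev in events:
        end = datetime.fromisoformat(ev["end"])
        submitted = datetime.fromisoformat(ev["submitted"])
        overrun = submitted - (end + grace)
        if overrun > timedelta(0):  # strictly after the grace window
            late[(ev["user"], ev["assignment"])].append(overrun)

    findings = []
    for (user, assignment), overruns in sorted(late.items()):
        findings.append({
            "user": user,
            "assignment": assignment,
            "late_attempts": len(overruns),
            "max_overrun_s": int(max(overruns).total_seconds()),
            # Second log indicator: multiple attempts after expiration.
            "repeated": len(overruns) > 1,
        })
    return findings


if __name__ == "__main__":
    for finding in find_late_submissions(EVENTS):
        print(finding)
```

Legitimate per-student extensions have to be reflected in the `end` value before this runs, otherwise they show up as findings.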
