PT-2025-42911 · Moodle+1 · Moodle+1
Published
2025-10-21
·
Updated
2025-10-21
·
CVE-2025-60511
CVSS v3.1
4.3
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Moodle OpenAI Chat Block plugin version 3.0.1 (2025021700)
Description
The Moodle OpenAI Chat Block plugin is affected by an Insecure Direct Object Reference (IDOR) issue. Insufficient validation of the
blockId parameter in the '/blocks/openai chat/api/completion.php' API endpoint allows an authenticated student to impersonate another user’s block, such as an administrator. This can lead to exposure of administrator-only Source of Truth entries, alteration of model behavior, and potential misuse of API resources.Recommendations
Update Moodle OpenAI Chat Block plugin to a newer version that contains a fix for this vulnerability.
Fix
IDOR
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Moodle
Moodle Openai Chat Block