PT-2025-43447 · Moodle · Moodle

Published 2025-10-23 · Updated 2025-11-17 · CVE-2025-62399

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Moodle (affected versions not specified)

Description

The authentication endpoints for Moodle's mobile and web services did not adequately limit repeated password attempts, leaving them open to brute-force attacks. Because password attempts were not sufficiently restricted, an attacker could potentially guess valid credentials.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Improper Restriction of Excessive Authentication Attempts

Related Identifiers

BIT-MOODLE-2025-62399
CVE-2025-62399
GHSA-M58F-9PVV-8MP2

Affected Products

Moodle