Moodle Dropbox Repository Remote Code Execution Vulnerability

Vulnerability

A remote code execution vulnerability has been identified in the Moodle Learning Management System (LMS) Dropbox repository. This issue affects versions 4.5 to 4.5.3, 4.4 to 4.4.7, 4.3 to 4.3.11, 4.1 to 4.1.17, and earlier unsupported versions. The vulnerability is accessible by default only to teachers and managers on sites with the Dropbox repository enabled.

Impact

Exploitation of this vulnerability allows for authenticated remote code execution on the affected Moodle instance.

Remediation

Users can upgrade to Moodle versions 4.5.4, 4.4.8, 4.3.12, or 4.1.18 to address this vulnerability. Alternatively, the Dropbox repository can be disabled in the site administration settings until the update is applied.
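A triage check for the version ranges and the workaround above, as an added example (not code from Moodle or from this advisory). The release-string format, the function names and the sample inventory are assumptions; treating every branch older than 4.5 that has no listed fix as affected is this example's reading of "earlier unsupported versions".

```python
import re

# Fixed patch level per branch, taken from the Remediation section.
FIXED = {(4, 5): 4, (4, 4): 8, (4, 3): 12, (4, 1): 18}
NEWEST_LISTED_BRANCH = max(FIXED)  # (4, 5)


def parse_release(release):
    """Parse a string such as '4.5.3+ (Build: ...)' into (major, minor, patch).

    Assumption: the release starts with dotted numbers. A trailing '+' is
    ignored, so an interim build is judged by its release number only, which
    is the conservative choice.
    """
    m = re.match(r"\s*(\d+)\.(\d+)(?:\.(\d+))?", release)
    if not m:
        raise ValueError(f"unrecognised release string: {release!r}")
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)


def triage(release, dropbox_enabled):
    """Return (status, action) for one site."""
    major, minor, patch = parse_release(release)
    branch = (major, minor)
    if branch in FIXED:
        if patch >= FIXED[branch]:
            return ("patched", None)
        action = f"upgrade to {major}.{minor}.{FIXED[branch]}"
    elif branch < NEWEST_LISTED_BRANCH:
        # Older branch with no fixed release named in the advisory.
        action = "move to a branch with a listed fixed release"
    else:
        # Newer than anything the advisory covers: it makes no statement.
        return ("not listed", None)
    # Disabling the Dropbox repository is the interim workaround; the site
    # still needs the upgrade.
    return ("vulnerable" if dropbox_enabled else "mitigated", action)


if __name__ == "__main__":
    # Constructed inventory: (site, release string, Dropbox repository enabled)
    inventory = [
        ("lms-a", "4.5.3+ (Build: 20250101)", True),
        ("lms-b", "4.1.17", False),
        ("lms-c", "4.2.11", True),
        ("lms-d", "4.4.8", True),
    ]
    for site, release, enabled in inventory:
        print(site, release, *triage(release, enabled))
```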

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 5.0
impact: 10.0
exploitability: 5.2
remediation: 8.3
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.