Description
The blind-marking implementation in Moodle through 2.3.11, 2.4.x before 2.4.10, 2.5.x before 2.5.6, and 2.6.x before 2.6.3 allows remote authenticated users to de-anonymize student identities by (1) using a screen reader or (2) reading the HTML source.
Remediation
References
Related Vulnerabilities
Oracle JRE Uncontrolled Resource Consumption Vulnerability (CVE-2025-30752)
WordPress Plugin Nmedia MailChimp Widget 'abs_path' Parameter Remote File Include (3.1)
OpenSSL Loop with Unreachable Exit Condition ('Infinite Loop') Vulnerability (CVE-2022-0778)
OpenSSL NULL Pointer Dereference Vulnerability (CVE-2025-11187)