CVE-2025-26525 · HIGH 8.6 · EPSS p32.5%

Description

Insufficient sanitizing in the TeX notation filter resulted in an arbitrary file read risk on sites where pdfTeX is available (such as those with TeX Live installed).

Scoring

CVSS 3.1: 8.6 (HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
EPSS: 0.41% probability of exploitation · percentile 32.5% · 2026-06-18T12:00:27Z
Published: 2025-02-24
Last modified: 2025-08-08

Underlying weaknesses · 1

CWE-552

References

  1. https://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-84136
  2. https://moodle.org/mod/forum/discuss.php?d=466141

Type | Target | Confidence | Tier
Weakness | Files or Directories Accessible to External Parties (cwe-552) | 0% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE-2025-32583
CVE-2025-65875
CVE-2025-3365
CVE-2025-2305
CVE-2026-49492
CVE-2026-35466

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.