CVE-2025-34031
Published: 24 June 2025
Summary
CVE-2025-34031 is a high-severity Path Traversal (CWE-22) vulnerability in Geoffrowland Jmol. Its CVSS base score is 8.7 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 4.6% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog. A public proof-of-concept is referenced.
Deeper analysis
A path traversal vulnerability affects the Jmol plugin version 6.1 and earlier in the Moodle learning management system. The flaw resides in jsmol.php, where the script passes an unsanitized query parameter directly to the file_get_contents() function, enabling unauthenticated retrieval of arbitrary files from the server filesystem. The issue is tracked as CWE-22 and carries a CVSS 4.0 score of 8.7.
An attacker can exploit the vulnerability over the network without authentication or user interaction by supplying a crafted query value that traverses directories. Successful exploitation can disclose sensitive files, including configuration data that may contain database credentials, thereby facilitating further compromise of the Moodle instance.
Public references from VulnCheck, Dionach, and Exploit-DB document the issue and provide technical details on the affected plugin. Exploitation evidence was recorded by the Shadowserver Foundation on 2025-02-02 UTC, and the EPSS score has remained steady at a peak of 0.1830 with no material increase after disclosure.
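To check web server logs for the request pattern described above, the following sketch flags requests to jsmol.php whose query parameter contains a `..` path segment, including percent-encoded and double-encoded forms. It is an added example, not code from the plugin or from the referenced advisories; it assumes combined-format access logs and that the parameter arrives in the URL query string, and the log lines and the `/PLUGIN_PATH/` prefix are constructed placeholders.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Constructed sample access-log lines; IPs, paths and values are placeholders.
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Jan/2025:10:00:01 +0000] "GET /PLUGIN_PATH/jsmol.php?query=..%2F..%2F..%2Fexample.txt HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/Jan/2025:10:00:05 +0000] "GET /PLUGIN_PATH/jsmol.php?query=%252e%252e%252fexample.txt HTTP/1.1" 404 0',
    '192.0.2.44 - - [01/Jan/2025:10:01:12 +0000] "GET /PLUGIN_PATH/jsmol.php?query=caffeine HTTP/1.1" 200 2048',
    '192.0.2.44 - - [01/Jan/2025:10:01:30 +0000] "GET /index.php?query=../notes HTTP/1.1" 200 100',
]

REQUEST_RE = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')

def fully_decode(value, max_rounds=5):
    """Percent-decode repeatedly so double-encoded input is normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def has_traversal(value):
    """True if any path segment of the decoded value is exactly '..'."""
    return '..' in re.split(r'[\\/]', fully_decode(value))

def suspicious_requests(lines):
    """Return (client_ip, status, decoded_query) for jsmol.php traversal attempts."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue
        ip, target, status = m.groups()
        url = urlsplit(target)
        if not url.path.lower().endswith('/jsmol.php'):
            continue  # only the affected script is in scope
        # parse_qsl decodes once; fully_decode handles any further layers.
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            if name == 'query' and has_traversal(value):
                hits.append((ip, int(status), fully_decode(value)))
    return hits

if __name__ == '__main__':
    for hit in suspicious_requests(SAMPLE_LOG):
        print(hit)
```

Hits answered with a 200 status deserve priority review, since a successful file read may have exposed the credentials mentioned above. Values sent in a request body do not appear in access logs and are not covered by this check.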
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-18971
Vulnerability details
A path traversal vulnerability exists in the Moodle LMS Jmol plugin version 6.1 and prior via the query parameter in jsmol.php. The script directly passes user input to the file_get_contents() function without proper validation, allowing attackers to read arbitrary files from the server's filesystem by crafting a malicious query value. This vulnerability can be exploited without authentication and may expose sensitive configuration data, including database credentials. Exploitation evidence was observed by the Shadowserver Foundation on 2025-02-02 UTC.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise Techniques (AI)
Why these techniques?
Unauthenticated path traversal in public-facing Moodle Jmol plugin (T1190) enables arbitrary file reads from local system (T1005), exposing sensitive data including database credentials in config files (T1552.001).
Affected Assets
Mitigating Controls
Likely Mitigating Controls (AI)
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Validates pathnames and filenames to prevent traversal outside intended directories.