When does Moodle reach end-of-life?

The latest supported Moodle release is 5.2.1. After end-of-life a release no longer receives security patches.

Moodle ↗

Moodle · CMS

100/100 Healthy

Summary iPlain-English security verdict for Moodle, generated from its current health score, actively-exploited vulnerabilities, and latest supported version.

Moodle currently scores 100/100 — healthy. No tracked vulnerabilities are currently known to be exploited in the wild. The latest supported release is 5.2.1. It's on the latest patch with no significant known issues — keep it current.

Disclosure trend iNew CVEs published for Moodle each year (NVD). A higher bar means more disclosures that year — more scrutiny, not necessarily less safe.

'19

'20

'21

'22

'23

'24

'25

'26

Patch priority — what to act on iThe issues to fix first — actively exploited (CISA KEV) first, then by exploitation probability (EPSS), then severity. Each row's "→ fixed in" is the earliest version that patches it; "see advisory" means no fixed version is published.

Most urgent first — actively exploited, then likeliest to be exploited.

CVE-2024-43425 HIGH Code injection EPSS 89% → fixed in 4.4.2 CVE-2022-35653 MEDIUM Cross-site scripting (XSS) EPSS 84% → fixed in 3.11.8 CVE-2021-21809 CRITICAL OS command injection EPSS 73% → see advisory CVE-2013-3630 MEDIUM Code injection EPSS 65% → see advisory CVE-2018-1133 HIGH Code injection EPSS 41% → see advisory CVE-2020-14321 HIGH Incorrect authorization EPSS 39% → fixed in 3.8.4 CVE-2021-36393 CRITICAL SQL injection EPSS 24% → fixed in 3.11.1 CVE-2021-36394 CRITICAL CWE-384 EPSS 12% → fixed in 3.11.1 CVE-2022-35649 CRITICAL Code injection EPSS 7% → fixed in 4.0.2 CVE-2022-30600 CRITICAL CWE-682 EPSS 7% → fixed in 3.11.7 CVE-2022-40314 CRITICAL Insecure deserialization EPSS 6% → fixed in 4.0.4 CVE-2022-0332 CRITICAL SQL injection EPSS 3% → fixed in 3.11.5

Versions & lifecycle iWhen each release line stops receiving security patches (end-of-life). After EOL there are no more fixes — plan upgrades before these dates.

How long each Moodle release line is supported — and when it sunsets.

5.2 latest 5.2.1 Supported until 2027-10-04

5.1 latest 5.1.5 Supported until 2027-04-19

5.0 latest 5.0.8 Supported until 2026-10-05

4.5 latest 4.5.12 Supported until 2027-10-04

4.4 latest 4.4.12 End of life ended 2025-12-08

4.3 latest 4.3.12 End of life ended 2025-04-21

4.2 latest 4.2.11 End of life ended 2024-10-07

4.1 latest 4.1.22 End of life ended 2025-12-08

4.0 latest 4.0.12 End of life ended 2023-11-13

3.11 latest 3.11.18 End of life ended 2023-11-13

See all upcoming end-of-life dates →