CVE-2025-67855

A flaw was found in mooodle. A remote attacker could exploit a reflected Cross-Site Scripting (XSS) vulnerability in the policy tool return URL. This vulnerability arises from insufficient sanitization of URL parameters, allowing attackers to inject malicious scripts through specially crafted links. Successful exploitation could lead to information disclosure or arbitrary client-side script execution within the user's browser.

CVSS v3 5.4 MEDIUM

5.4^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 2.5

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://access.redhat.com/security/cve/CVE-2025-67855	Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2423861	Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:moodle:moodle::::::::
	cpe:2.3:a:moodle:moodle::::::::
	cpe:2.3:a:moodle:moodle::::::::
	cpe:2.3:a:moodle:moodle::::::::
	cpe:2.3:a:moodle:moodle:5.1.0:-::::::

History

11 Feb 2026, 18:34

Type	Values Removed	Values Added
CPE		cpe:2.3:a:moodle:moodle:::::::: cpe:2.3:a:moodle:moodle:5.1.0:-::::::
First Time		Moodle moodle Moodle
References	~~() https://access.redhat.com/security/cve/CVE-2025-67855 -~~	() https://access.redhat.com/security/cve/CVE-2025-67855 - Third Party Advisory
References	~~() https://bugzilla.redhat.com/show_bug.cgi?id=2423861 -~~	() https://bugzilla.redhat.com/show_bug.cgi?id=2423861 - Third Party Advisory

03 Feb 2026, 11:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-02-03 11:15

Updated : 2026-02-11 18:34

NVD link : CVE-2025-67855

Mitre link : CVE-2025-67855

CVE.ORG link : CVE-2025-67855

JSON object : View

Products Affected

moodle

moodle

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

{"id": "CVE-2025-67855", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "patrick@puiterwijk.org", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 2.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}]}, "published": "2026-02-03T11:15:55.813", "references": [{"url": "https://access.redhat.com/security/cve/CVE-2025-67855", "tags": ["Third Party Advisory"], "source": "patrick@puiterwijk.org"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2423861", "tags": ["Third Party Advisory"], "source": "patrick@puiterwijk.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "patrick@puiterwijk.org", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in mooodle. A remote attacker could exploit a reflected Cross-Site Scripting (XSS) vulnerability in the policy tool return URL. This vulnerability arises from insufficient sanitization of URL parameters, allowing attackers to inject malicious scripts through specially crafted links. Successful exploitation could lead to information disclosure or arbitrary client-side script execution within the user's browser."}], "lastModified": "2026-02-11T18:34:20.090", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A2DF3FD1-3A53-41D9-890B-F6DE973AB09C", "versionEndExcluding": "4.1.22"}, {"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CED60CDC-8F12-481C-9ADD-8559860A2B3C", "versionEndExcluding": "4.4.11", "versionStartIncluding": "4.4.0"}, {"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C0CC5CF8-4808-41A5-B8A1-B0D6C575E5DC", "versionEndExcluding": "4.5.8", "versionStartIncluding": "4.5.0"}, {"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "06F81442-AEEB-483D-90A9-93DDBA5B95D6", "versionEndExcluding": "5.0.4", "versionStartIncluding": "5.0.0"}, {"criteria": "cpe:2.3:a:moodle:moodle:5.1.0:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "567FEE12-0E75-4F0C-B22E-E76990C80E1B"}], "operator": "OR"}]}], "sourceIdentifier": "patrick@puiterwijk.org"}