CVE-2025-67857

A flaw was found in moodle. During anonymous assignment submissions, user identifiers were inadvertently exposed in URLs. This data exposure allows unauthorized viewers to see internal user IDs, compromising the intended anonymity and potentially leading to information disclosure.

CVSS v3 4.3 MEDIUM

4.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://access.redhat.com/security/cve/CVE-2025-67857	Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2423868	Third Party Advisory
https://moodle.org/mod/forum/discuss.php?d=471307	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:moodle:moodle::::::::
	cpe:2.3:a:moodle:moodle::::::::
	cpe:2.3:a:moodle:moodle::::::::
	cpe:2.3:a:moodle:moodle::::::::
	cpe:2.3:a:moodle:moodle:5.1.0:-::::::

History

11 Feb 2026, 18:58

Type	Values Removed	Values Added
References	~~() https://access.redhat.com/security/cve/CVE-2025-67857 -~~	() https://access.redhat.com/security/cve/CVE-2025-67857 - Third Party Advisory
References	~~() https://bugzilla.redhat.com/show_bug.cgi?id=2423868 -~~	() https://bugzilla.redhat.com/show_bug.cgi?id=2423868 - Third Party Advisory
References	~~() https://moodle.org/mod/forum/discuss.php?d=471307 -~~	() https://moodle.org/mod/forum/discuss.php?d=471307 - Vendor Advisory
CPE		cpe:2.3:a:moodle:moodle:::::::: cpe:2.3:a:moodle:moodle:5.1.0:-::::::
First Time		Moodle moodle Moodle

03 Feb 2026, 11:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-02-03 11:15

Updated : 2026-02-11 18:58

NVD link : CVE-2025-67857

Mitre link : CVE-2025-67857

CVE.ORG link : CVE-2025-67857

JSON object : View

Products Affected

moodle

moodle

CWE

CWE-201

Insertion of Sensitive Information Into Sent Data

{"id": "CVE-2025-67857", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "patrick@puiterwijk.org", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2026-02-03T11:15:56.090", "references": [{"url": "https://access.redhat.com/security/cve/CVE-2025-67857", "tags": ["Third Party Advisory"], "source": "patrick@puiterwijk.org"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2423868", "tags": ["Third Party Advisory"], "source": "patrick@puiterwijk.org"}, {"url": "https://moodle.org/mod/forum/discuss.php?d=471307", "tags": ["Vendor Advisory"], "source": "patrick@puiterwijk.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "patrick@puiterwijk.org", "description": [{"lang": "en", "value": "CWE-201"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in moodle. During anonymous assignment submissions, user identifiers were inadvertently exposed in URLs. This data exposure allows unauthorized viewers to see internal user IDs, compromising the intended anonymity and potentially leading to information disclosure."}], "lastModified": "2026-02-11T18:58:25.637", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E22203C1-B84A-4B29-9F54-426C9F9DF046", "versionEndExcluding": "4.1.21"}, {"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CED60CDC-8F12-481C-9ADD-8559860A2B3C", "versionEndExcluding": "4.4.11", "versionStartIncluding": "4.4.0"}, {"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C0CC5CF8-4808-41A5-B8A1-B0D6C575E5DC", "versionEndExcluding": "4.5.8", "versionStartIncluding": "4.5.0"}, {"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "06F81442-AEEB-483D-90A9-93DDBA5B95D6", "versionEndExcluding": "5.0.4", "versionStartIncluding": "5.0.0"}, {"criteria": "cpe:2.3:a:moodle:moodle:5.1.0:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "567FEE12-0E75-4F0C-B22E-E76990C80E1B"}], "operator": "OR"}]}], "sourceIdentifier": "patrick@puiterwijk.org"}