CVE-2025-67856
Last modified
CVE-2025-67856 is a critical-severity vulnerability rated 9.8/10 on the CVSS scale. A flaw was found in Moodle. An authorization logic flaw, specifically due to incomplete role checks during the badge awarding process, allowed badges to be granted without proper verification. EPSS estimates a 0.27% chance of exploitation in the next 30 days.
Description
A flaw was found in Moodle. An authorization logic flaw, specifically due to incomplete role checks during the badge awarding process, allowed badges to be granted without proper verification. This could enable unauthorized users to obtain badges they are not entitled to, potentially leading to privilege escalation or unauthorized access to certain features.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Moodle | Moodle | < 4.1.22 |
| Moodle | Moodle | >= 4.4.0, < 4.4.12 |
| Moodle | Moodle | >= 4.5.0, < 4.5.8 |
| Moodle | Moodle | >= 5.0.0, < 5.0.4 |
| Moodle | Moodle | 5.1.0 |
References
- https://access.redhat.com/security/cve/CVE-2025-67856Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2423864Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2025-67856?
How severe is CVE-2025-67856?
How do I fix CVE-2025-67856?
Are you affected by CVE-2025-67856?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST