Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:composer/moodle/moodle@5.1.0-rc1
Typecomposer
Namespacemoodle
Namemoodle
Version5.1.0-rc1
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version5.1.2
Latest_non_vulnerable_version5.1.2
Affected_by_vulnerabilities
0
url VCID-44zf-1dw7-qkf5
vulnerability_id VCID-44zf-1dw7-qkf5
summary 
Moodle formula injection vulnerability
A flaw was found in Moodle. This formula injection vulnerability occurs when data fields are exported without proper escaping. A remote attacker could exploit this by providing malicious data that, when exported and opened in a spreadsheet, allows arbitrary formulas to execute. This can lead to compromised data integrity and unintended operations within the spreadsheet.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-67851
reference_id
reference_type
scores
0
value 0.00063
scoring_system epss
scoring_elements 0.1974
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-67851
1
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2423841
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T17:02:36Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2423841
2
reference_url https://github.com/moodle/moodle
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle
3
reference_url https://github.com/moodle/moodle/commit/29820c5ff4ef381c7a743091ec5c68ac82903b22
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle/commit/29820c5ff4ef381c7a743091ec5c68ac82903b22
4
reference_url https://github.com/moodle/moodle/commit/aa66bacd0783cbc33528fba9c2adca1f685a59bd
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle/commit/aa66bacd0783cbc33528fba9c2adca1f685a59bd
5
reference_url https://github.com/moodle/moodle/commit/dc57ccc491a2a04032445a3ee92fd0d335ebd746
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle/commit/dc57ccc491a2a04032445a3ee92fd0d335ebd746
6
reference_url https://moodle.org/mod/forum/discuss.php?d=471301
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T17:02:36Z/
url https://moodle.org/mod/forum/discuss.php?d=471301
7
reference_url https://access.redhat.com/security/cve/CVE-2025-67851
reference_id CVE-2025-67851
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T17:02:36Z/
url https://access.redhat.com/security/cve/CVE-2025-67851
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-67851
reference_id CVE-2025-67851
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-67851
9
reference_url https://github.com/advisories/GHSA-qfh6-h7j6-fvjv
reference_id GHSA-qfh6-h7j6-fvjv
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-qfh6-h7j6-fvjv
fixed_packages
0
url pkg:composer/moodle/moodle@5.1.1
purl pkg:composer/moodle/moodle@5.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-657g-68tv-dkam
1
vulnerability VCID-j3ts-5ghc-4qct
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@5.1.1
aliases CVE-2025-67851, GHSA-qfh6-h7j6-fvjv
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-44zf-1dw7-qkf5
1
url VCID-4zvp-nmrk-4qbq
vulnerability_id VCID-4zvp-nmrk-4qbq
summary 
Moodle Cross-site Scripting (XSS) vulnerability
A flaw was found in Moodle. This Cross-site Scripting (XSS) vulnerability, caused by improper sanitization of AI prompt responses, allows attackers to inject malicious HTML or script into web pages. When other users view these compromised pages, their sessions could be stolen, or the user interface could be manipulated.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-67849
reference_id
reference_type
scores
0
value 8e-05
scoring_system epss
scoring_elements 0.00697
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-67849
1
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2423835
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-04T04:55:50Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2423835
2
reference_url https://github.com/moodle/moodle
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle
3
reference_url https://github.com/moodle/moodle/commit/a3063dcaa44dbe66e60a37cadb33bfadfe4feb03
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle/commit/a3063dcaa44dbe66e60a37cadb33bfadfe4feb03
4
reference_url https://moodle.org/mod/forum/discuss.php?d=471299
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://moodle.org/mod/forum/discuss.php?d=471299
5
reference_url https://access.redhat.com/security/cve/CVE-2025-67849
reference_id CVE-2025-67849
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-04T04:55:50Z/
url https://access.redhat.com/security/cve/CVE-2025-67849
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-67849
reference_id CVE-2025-67849
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-67849
7
reference_url https://github.com/advisories/GHSA-mhf6-pp52-8wqj
reference_id GHSA-mhf6-pp52-8wqj
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mhf6-pp52-8wqj
fixed_packages
0
url pkg:composer/moodle/moodle@5.1.1
purl pkg:composer/moodle/moodle@5.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-657g-68tv-dkam
1
vulnerability VCID-j3ts-5ghc-4qct
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@5.1.1
aliases CVE-2025-67849, GHSA-mhf6-pp52-8wqj
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4zvp-nmrk-4qbq
2
url VCID-5snb-dyv3-efe9
vulnerability_id VCID-5snb-dyv3-efe9
summary 
Moodle Open Redirect vulnerability
A flaw was found in Moodle. An Open Redirect vulnerability in the OAuth login flow allows a remote attacker to redirect users to attacker-controlled pages after they have successfully authenticated. This occurs due to insufficient validation of redirect parameters, which could lead to phishing attacks or information disclosure.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-67852
reference_id
reference_type
scores
0
value 0.00015
scoring_system epss
scoring_elements 0.03529
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-67852
1
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2423844
reference_id
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T15:44:09Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2423844
2
reference_url https://github.com/moodle/moodle
reference_id
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle
3
reference_url https://github.com/moodle/moodle/commit/fa1624c8c9e3efa917f0e9d2666bb59d8be2a975
reference_id
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle/commit/fa1624c8c9e3efa917f0e9d2666bb59d8be2a975
4
reference_url https://moodle.org/mod/forum/discuss.php?d=471302
reference_id
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://moodle.org/mod/forum/discuss.php?d=471302
5
reference_url https://access.redhat.com/security/cve/CVE-2025-67852
reference_id CVE-2025-67852
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T15:44:09Z/
url https://access.redhat.com/security/cve/CVE-2025-67852
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-67852
reference_id CVE-2025-67852
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-67852
7
reference_url https://github.com/advisories/GHSA-qv78-6gpp-hm68
reference_id GHSA-qv78-6gpp-hm68
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-qv78-6gpp-hm68
fixed_packages
0
url pkg:composer/moodle/moodle@5.1.1
purl pkg:composer/moodle/moodle@5.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-657g-68tv-dkam
1
vulnerability VCID-j3ts-5ghc-4qct
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@5.1.1
aliases CVE-2025-67852, GHSA-qv78-6gpp-hm68
risk_score 1.6
exploitability 0.5
weighted_severity 3.1
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5snb-dyv3-efe9
3
url VCID-5xhb-mx3v-fuhs
vulnerability_id VCID-5xhb-mx3v-fuhs
summary 
Moodle Inserts Sensitive Information Into Sent Data
A flaw was found in moodle. During anonymous assignment submissions, user identifiers were inadvertently exposed in URLs. This data exposure allows unauthorized viewers to see internal user IDs, compromising the intended anonymity and potentially leading to information disclosure.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-67857
reference_id
reference_type
scores
0
value 0.00021
scoring_system epss
scoring_elements 0.06023
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-67857
1
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2423868
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T15:40:38Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2423868
2
reference_url https://github.com/moodle/moodle
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle
3
reference_url https://github.com/moodle/moodle/commit/ac30e7e19357f696979b7ffd760a7131b6ad88f6
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle/commit/ac30e7e19357f696979b7ffd760a7131b6ad88f6
4
reference_url https://github.com/moodle/moodle/commit/c6cb8d971257c04a12a2c5d8510a89cb906f46f0
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle/commit/c6cb8d971257c04a12a2c5d8510a89cb906f46f0
5
reference_url https://moodle.org/mod/forum/discuss.php?d=471307
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T15:40:38Z/
url https://moodle.org/mod/forum/discuss.php?d=471307
6
reference_url https://access.redhat.com/security/cve/CVE-2025-67857
reference_id CVE-2025-67857
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T15:40:38Z/
url https://access.redhat.com/security/cve/CVE-2025-67857
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-67857
reference_id CVE-2025-67857
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-67857
8
reference_url https://github.com/advisories/GHSA-8jrv-wx83-w3xj
reference_id GHSA-8jrv-wx83-w3xj
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8jrv-wx83-w3xj
fixed_packages
0
url pkg:composer/moodle/moodle@5.1.1
purl pkg:composer/moodle/moodle@5.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-657g-68tv-dkam
1
vulnerability VCID-j3ts-5ghc-4qct
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@5.1.1
aliases CVE-2025-67857, GHSA-8jrv-wx83-w3xj
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5xhb-mx3v-fuhs
4
url VCID-61ry-zz34-8qhj
vulnerability_id VCID-61ry-zz34-8qhj
summary 
Moodle authentication bypass vulnerability
A flaw was found in Moodle. This authentication bypass vulnerability allows suspended users to authenticate through the Learning Tools Interoperability (LTI) Provider. The issue arises from the LTI authentication handlers failing to enforce the user's suspension status, enabling unauthorized access to the system. This can lead to information disclosure or other unauthorized actions by users who should be restricted.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-67848
reference_id
reference_type
scores
0
value 0.00048
scoring_system epss
scoring_elements 0.15459
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-67848
1
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2423831
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-04T04:55:50Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2423831
2
reference_url https://github.com/moodle/moodle
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle
3
reference_url https://github.com/moodle/moodle/commit/62f372e9d861d16df702d3c7726905fa2730e3d8
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle/commit/62f372e9d861d16df702d3c7726905fa2730e3d8
4
reference_url https://github.com/moodle/moodle/commit/c2705e2c18962fec4f21b9c34ed386be2a379663
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle/commit/c2705e2c18962fec4f21b9c34ed386be2a379663
5
reference_url https://moodle.org/mod/forum/discuss.php?d=471298
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-04T04:55:50Z/
url https://moodle.org/mod/forum/discuss.php?d=471298
6
reference_url https://access.redhat.com/security/cve/CVE-2025-67848
reference_id CVE-2025-67848
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-04T04:55:50Z/
url https://access.redhat.com/security/cve/CVE-2025-67848
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-67848
reference_id CVE-2025-67848
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-67848
8
reference_url https://github.com/advisories/GHSA-j5jv-w5cw-j9ff
reference_id GHSA-j5jv-w5cw-j9ff
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-j5jv-w5cw-j9ff
fixed_packages
0
url pkg:composer/moodle/moodle@5.1.1
purl pkg:composer/moodle/moodle@5.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-657g-68tv-dkam
1
vulnerability VCID-j3ts-5ghc-4qct
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@5.1.1
aliases CVE-2025-67848, GHSA-j5jv-w5cw-j9ff
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-61ry-zz34-8qhj
5
url VCID-657g-68tv-dkam
vulnerability_id VCID-657g-68tv-dkam
summary 
Moodle TeX formula editor is vulnerable to DoS through lack of execution time limits
A Denial of Service vulnerability was identified in Moodle’s TeX formula editor. When rendering TeX content using mimetex, insufficient execution time limits could allow specially crafted formulas to consume excessive server resources. An authenticated user could abuse this behavior to degrade performance or cause service interruption.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-26047
reference_id
reference_type
scores
0
value 0.00094
scoring_system epss
scoring_elements 0.262
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-26047
1
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2440905
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-23T19:29:50Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2440905
2
reference_url https://github.com/moodle/moodle
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle
3
reference_url https://github.com/moodle/moodle/commit/8683b4a04939332e353cad1be51222930dc40b2c
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle/commit/8683b4a04939332e353cad1be51222930dc40b2c
4
reference_url https://moodle.org/mod/forum/discuss.php?d=473316
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://moodle.org/mod/forum/discuss.php?d=473316
5
reference_url https://access.redhat.com/security/cve/CVE-2026-26047
reference_id CVE-2026-26047
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-23T19:29:50Z/
url https://access.redhat.com/security/cve/CVE-2026-26047
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-26047
reference_id CVE-2026-26047
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-26047
7
reference_url https://github.com/advisories/GHSA-cg8j-5cr2-568q
reference_id GHSA-cg8j-5cr2-568q
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-cg8j-5cr2-568q
fixed_packages
0
url pkg:composer/moodle/moodle@5.1.2
purl pkg:composer/moodle/moodle@5.1.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@5.1.2
aliases CVE-2026-26047, GHSA-cg8j-5cr2-568q
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-657g-68tv-dkam
6
url VCID-f1da-1duc-2uhb
vulnerability_id VCID-f1da-1duc-2uhb
summary 
Moodle Affected by Improper Restriction of Excessive Authentication Attempts
A flaw was found in Moodle. A remote attacker could exploit a lack of proper rate limiting in the confirmation email service. This vulnerability allows attackers to more easily enumerate or guess user credentials, facilitating brute-force attacks against user accounts.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-67853
reference_id
reference_type
scores
0
value 0.00035
scoring_system epss
scoring_elements 0.10917
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-67853
1
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2423847
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-03T15:43:42Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2423847
2
reference_url https://github.com/moodle/moodle
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle
3
reference_url https://moodle.org/mod/forum/discuss.php?d=471303
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://moodle.org/mod/forum/discuss.php?d=471303
4
reference_url https://access.redhat.com/security/cve/CVE-2025-67853
reference_id CVE-2025-67853
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-03T15:43:42Z/
url https://access.redhat.com/security/cve/CVE-2025-67853
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-67853
reference_id CVE-2025-67853
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-67853
6
reference_url https://github.com/advisories/GHSA-5cx4-w4fh-fr57
reference_id GHSA-5cx4-w4fh-fr57
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-5cx4-w4fh-fr57
fixed_packages
0
url pkg:composer/moodle/moodle@5.1.1
purl pkg:composer/moodle/moodle@5.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-657g-68tv-dkam
1
vulnerability VCID-j3ts-5ghc-4qct
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@5.1.1
aliases CVE-2025-67853, GHSA-5cx4-w4fh-fr57
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-f1da-1duc-2uhb
7
url VCID-hufb-p6pa-63c9
vulnerability_id VCID-hufb-p6pa-63c9
summary 
Moodle has an authorization logic flaw
A flaw was found in Moodle. An authorization logic flaw, specifically due to incomplete role checks during the badge awarding process, allowed badges to be granted without proper verification. This could enable unauthorized users to obtain badges they are not entitled to, potentially leading to privilege escalation or unauthorized access to certain features.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-67856
reference_id
reference_type
scores
0
value 0.00022
scoring_system epss
scoring_elements 0.06512
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-67856
1
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2423864
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T15:42:42Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2423864
2
reference_url https://github.com/moodle/moodle
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle
3
reference_url https://github.com/moodle/moodle/commit/0d48779e61bcacbabbcb82858a037b567351fce0
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle/commit/0d48779e61bcacbabbcb82858a037b567351fce0
4
reference_url https://moodle.org/mod/forum/discuss.php?d=471306
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://moodle.org/mod/forum/discuss.php?d=471306
5
reference_url https://access.redhat.com/security/cve/CVE-2025-67856
reference_id CVE-2025-67856
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T15:42:42Z/
url https://access.redhat.com/security/cve/CVE-2025-67856
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-67856
reference_id CVE-2025-67856
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-67856
7
reference_url https://github.com/advisories/GHSA-hcm6-q6pc-xfhm
reference_id GHSA-hcm6-q6pc-xfhm
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-hcm6-q6pc-xfhm
fixed_packages
0
url pkg:composer/moodle/moodle@5.1.1
purl pkg:composer/moodle/moodle@5.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-657g-68tv-dkam
1
vulnerability VCID-j3ts-5ghc-4qct
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@5.1.1
aliases CVE-2025-67856, GHSA-hcm6-q6pc-xfhm
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hufb-p6pa-63c9
8
url VCID-j3ts-5ghc-4qct
vulnerability_id VCID-j3ts-5ghc-4qct
summary 
Moodle has a Remote Code Execution risk via file restore
A flaw was identified in Moodle’s backup restore functionality where specially crafted backup files were not properly validated during processing. If a malicious backup file is restored, it could lead to unintended execution of server-side code. Since restore capabilities are typically available to privileged users, exploitation requires authenticated access. Successful exploitation could result in full compromise of the Moodle server.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-26045
reference_id
reference_type
scores
0
value 0.00113
scoring_system epss
scoring_elements 0.29587
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-26045
1
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2440901
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-24T04:56:33Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2440901
2
reference_url https://github.com/moodle/moodle
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle
3
reference_url https://github.com/moodle/moodle/commit/566054ba11f609a6d48d09b32e85d435d49927da
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle/commit/566054ba11f609a6d48d09b32e85d435d49927da
4
reference_url https://moodle.org/mod/forum/discuss.php?d=473314
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://moodle.org/mod/forum/discuss.php?d=473314
5
reference_url https://access.redhat.com/security/cve/CVE-2026-26045
reference_id CVE-2026-26045
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-24T04:56:33Z/
url https://access.redhat.com/security/cve/CVE-2026-26045
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-26045
reference_id CVE-2026-26045
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-26045
7
reference_url https://github.com/advisories/GHSA-ggxq-2mg9-8966
reference_id GHSA-ggxq-2mg9-8966
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-ggxq-2mg9-8966
fixed_packages
0
url pkg:composer/moodle/moodle@5.1.2
purl pkg:composer/moodle/moodle@5.1.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@5.1.2
aliases CVE-2026-26045, GHSA-ggxq-2mg9-8966
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-j3ts-5ghc-4qct
9
url VCID-wby4-h9ud-1yh5
vulnerability_id VCID-wby4-h9ud-1yh5
summary 
Moodle vulnerable to Cross-site Scripting
A flaw was found in Moodle. This vulnerability, known as Cross-site Scripting (XSS), occurs due to insufficient checks on user-provided data in the formula editor's arithmetic expression fields. A remote attacker could inject malicious code into these fields. When other users view these expressions, the malicious code would execute in their web browsers, potentially compromising their data or leading to unauthorized actions.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-67850
reference_id
reference_type
scores
0
value 0.00012
scoring_system epss
scoring_elements 0.01935
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-67850
1
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2423838
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-04T04:55:48Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2423838
2
reference_url https://github.com/moodle/moodle
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle
3
reference_url https://github.com/moodle/moodle/commit/c85f153068a717a3b28bc122e75154bac99e67e1
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle/commit/c85f153068a717a3b28bc122e75154bac99e67e1
4
reference_url https://moodle.org/mod/forum/discuss.php?d=471300
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://moodle.org/mod/forum/discuss.php?d=471300
5
reference_url https://access.redhat.com/security/cve/CVE-2025-67850
reference_id CVE-2025-67850
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-04T04:55:48Z/
url https://access.redhat.com/security/cve/CVE-2025-67850
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-67850
reference_id CVE-2025-67850
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-67850
7
reference_url https://github.com/advisories/GHSA-6mmv-f6c6-v6q8
reference_id GHSA-6mmv-f6c6-v6q8
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-6mmv-f6c6-v6q8
fixed_packages
0
url pkg:composer/moodle/moodle@5.1.1
purl pkg:composer/moodle/moodle@5.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-657g-68tv-dkam
1
vulnerability VCID-j3ts-5ghc-4qct
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@5.1.1
aliases CVE-2025-67850, GHSA-6mmv-f6c6-v6q8
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wby4-h9ud-1yh5
10
url VCID-yby1-g45r-rugg
vulnerability_id VCID-yby1-g45r-rugg
summary 
Moodle vulnerable to Cross-site Scripting
A flaw was found in Moodle. A remote attacker could exploit a reflected Cross-Site Scripting (XSS) vulnerability in the policy tool return URL. This vulnerability arises from insufficient sanitization of URL parameters, allowing attackers to inject malicious scripts through specially crafted links. Successful exploitation could lead to information disclosure or arbitrary client-side script execution within the user's browser.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-67855
reference_id
reference_type
scores
0
value 0.00038
scoring_system epss
scoring_elements 0.118
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-67855
1
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2423861
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T15:43:09Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2423861
2
reference_url https://github.com/moodle/moodle
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle
3
reference_url https://github.com/moodle/moodle/commit/0c146aa2612fb6d0544f200a018cb42da75db713
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle/commit/0c146aa2612fb6d0544f200a018cb42da75db713
4
reference_url https://moodle.org/mod/forum/discuss.php?d=471305
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://moodle.org/mod/forum/discuss.php?d=471305
5
reference_url https://access.redhat.com/security/cve/CVE-2025-67855
reference_id CVE-2025-67855
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T15:43:09Z/
url https://access.redhat.com/security/cve/CVE-2025-67855
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-67855
reference_id CVE-2025-67855
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-67855
7
reference_url https://github.com/advisories/GHSA-vwhw-vp9v-q9c9
reference_id GHSA-vwhw-vp9v-q9c9
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-vwhw-vp9v-q9c9
fixed_packages
0
url pkg:composer/moodle/moodle@5.1.1
purl pkg:composer/moodle/moodle@5.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-657g-68tv-dkam
1
vulnerability VCID-j3ts-5ghc-4qct
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@5.1.1
aliases CVE-2025-67855, GHSA-vwhw-vp9v-q9c9
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yby1-g45r-rugg
11
url VCID-ykj6-ptd4-7qfs
vulnerability_id VCID-ykj6-ptd4-7qfs
summary 
Moodle affected by a code injection vulnerability
A flaw was found in Moodle. An attacker with access to the restore interface could trigger server-side execution of arbitrary code. This is due to insufficient validation of restore input, which leads to unintended interpretation by core restore routines. Successful exploitation could result in a full compromise of the Moodle application.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-67847
reference_id
reference_type
scores
0
value 0.0003
scoring_system epss
scoring_elements 0.08982
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-67847
1
reference_url https://github.com/moodle/moodle
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle
2
reference_url https://moodle.org/mod/forum/discuss.php?d=471297#p1892199
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://moodle.org/mod/forum/discuss.php?d=471297#p1892199
3
reference_url https://access.redhat.com/security/cve/CVE-2025-67847
reference_id CVE-2025-67847
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-24T04:55:19Z/
url https://access.redhat.com/security/cve/CVE-2025-67847
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-67847
reference_id CVE-2025-67847
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-67847
5
reference_url https://github.com/advisories/GHSA-xvmh-25jw-gmmm
reference_id GHSA-xvmh-25jw-gmmm
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xvmh-25jw-gmmm
fixed_packages
0
url pkg:composer/moodle/moodle@5.1.1
purl pkg:composer/moodle/moodle@5.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-657g-68tv-dkam
1
vulnerability VCID-j3ts-5ghc-4qct
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@5.1.1
aliases CVE-2025-67847, GHSA-xvmh-25jw-gmmm
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ykj6-ptd4-7qfs
Fixing_vulnerabilities
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@5.1.0-rc1