CVE-2025-67856

Medium CVSS: 5.4

A flaw was found in Moodle. An authorization logic flaw, specifically due to incomplete role checks during the badge awarding process, allowed badges to be granted without proper verification. This could enable unauthorized users to obtain badges they are not entitled to, potentially leading to privilege escalation or unauthorized access to certain features.

Vendor

Moodle

Product

Moodle

CWE

NVD-CWE-noinfo

Yayın Tarihi

2026-02-03 11:15:55

Güncelleme

2026-02-26 22:20:43

Source Identifier

patrick@puiterwijk.org

KEV Date Added

Kategoriler

NVD-CWE-noinfo Moodle MEDIUM Moodle 2026

Referanslar

https://access.redhat.com/security/cve/CVE-2025-67856 https://bugzilla.redhat.com/show_bug.cgi?id=2423864

Benzer Kayıtlar

High

CVE-2026-26046

A vulnerability was found in a Moodle TeX filter administrative setting where insufficient sanitization of configuration…

Medium

CVE-2026-26047

A denial-of-service vulnerability was identified in Moodle’s TeX formula editor. When rendering TeX content using mimete…

High

CVE-2026-26045

A flaw was identified in Moodle’s backup restore functionality where specially crafted backup files were not properly va…

Medium

CVE-2025-67857

A flaw was found in moodle. During anonymous assignment submissions, user identifiers were inadvertently exposed in URLs…

High

CVE-2025-67849

A flaw was found in Moodle. This cross-site scripting (XSS) vulnerability, caused by improper sanitization of AI prompt…

High

CVE-2025-67850

A flaw was found in moodle. This vulnerability, known as Cross-Site Scripting (XSS), occurs due to insufficient checks o…