Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2025-67848

Good to know:

icon
icon

Date: February 3, 2026

A flaw was found in Moodle. This authentication bypass vulnerability allows suspended users to authenticate through the Learning Tools Interoperability (LTI) Provider. The issue arises from the LTI authentication handlers failing to enforce the user's suspension status, enabling unauthorized access to the system. This can lead to information disclosure or other unauthorized actions by users who should be restricted.

Severity Score

Related Resources (8)

https://nvd.nist.gov/vuln/detail/CVE-2025-67848
https://access.redhat.com/security/cve/CVE-2025-67848
https://bugzilla.redhat.com/show_bug.cgi?id=2423831
https://github.com/moodle/moodle/commit/c2705e2c18962fec4f21b9c34ed386be2a379663
https://github.com/moodle/moodle
https://github.com/moodle/moodle/commit/62f372e9d861d16df702d3c7726905fa2730e3d8
https://moodle.org/mod/forum/discuss.php?d=471298
https://www.mend.io/vulnerability-database/CVE-2025-67848

Severity Score

Weakness Type (CWE)

Improper Handling of Insufficient Permissions or Privileges

CWE-280

Top Fix

icon

Upgrade Version

Upgrade to version moodle/moodle - v4.1.22;moodle/moodle - v5.0.4;moodle/moodle - v4.4.12;moodle/moodle - v4.5.8;moodle/moodle - v5.1.1;https://github.com/moodle/moodle.git - v4.5.8;https://github.com/moodle/moodle.git - v4.4.12;https://github.com/moodle/moodle.git - v4.1.22;https://github.com/moodle/moodle.git - v5.1.1;https://github.com/moodle/moodle.git - v5.0.4

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): LOW
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): HIGH
Integrity (I): HIGH
Availability (A): NONE

Do you need more information?

Contact Us