Home > Vulnerability Database > CVE-2025-67849

Mend.io Vulnerability Database

CVE-2025-67849

Good to know:

Date: February 3, 2026

A flaw was found in Moodle. This cross-site scripting (XSS) vulnerability, caused by improper sanitization of AI prompt responses, allows attackers to inject malicious HTML or script into web pages. When other users view these compromised pages, their sessions could be stolen, or the user interface could be manipulated.

Severity Score

7.3

Related Resources (7)

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-67849

Url: https://github.com/moodle/moodle/commit/a3063dcaa44dbe66e60a37cadb33bfadfe4feb03

Url: https://github.com/moodle/moodle

Url: https://bugzilla.redhat.com/show_bug.cgi?id=2423835

Url: https://access.redhat.com/security/cve/CVE-2025-67849

Url: https://moodle.org/mod/forum/discuss.php?d=471299

Url: https://www.mend.io/vulnerability-database/CVE-2025-67849

Severity Score

7.3

Weakness Type (CWE)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-79

Top Fix

Upgrade Version

Upgrade to version moodle/moodle - v4.5.8;moodle/moodle - v5.0.4;moodle/moodle - v5.1.1;https://github.com/moodle/moodle.git - v4.5.8;https://github.com/moodle/moodle.git - v5.1.1;https://github.com/moodle/moodle.git - v5.0.4

Learn More

CVSS v3.1

Base Score:	7.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2025-67849

Good to know:

Date: February 3, 2026

Severity Score

Related Resources (7)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?