Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2025-67851

Good to know:

icon
icon

Date: February 3, 2026

A flaw was found in moodle. This formula injection vulnerability occurs when data fields are exported without proper escaping. A remote attacker could exploit this by providing malicious data that, when exported and opened in a spreadsheet, allows arbitrary formulas to execute. This can lead to compromised data integrity and unintended operations within the spreadsheet.

Severity Score

Related Resources (9)

https://moodle.org/mod/forum/discuss.php?d=471301
https://github.com/moodle/moodle/commit/29820c5ff4ef381c7a743091ec5c68ac82903b22
https://github.com/moodle/moodle/commit/dc57ccc491a2a04032445a3ee92fd0d335ebd746
https://github.com/moodle/moodle
https://bugzilla.redhat.com/show_bug.cgi?id=2423841
https://nvd.nist.gov/vuln/detail/CVE-2025-67851
https://access.redhat.com/security/cve/CVE-2025-67851
https://github.com/moodle/moodle/commit/aa66bacd0783cbc33528fba9c2adca1f685a59bd
https://www.mend.io/vulnerability-database/CVE-2025-67851

Severity Score

Weakness Type (CWE)

Improper Neutralization of Formula Elements in a CSV File

CWE-1236

Top Fix

icon

Upgrade Version

Upgrade to version moodle/moodle - v4.1.22;moodle/moodle - v4.4.12;moodle/moodle - v4.5.8;moodle/moodle - v5.0.4;https://github.com/moodle/moodle.git - v4.5.8;https://github.com/moodle/moodle.git - v4.4.12;https://github.com/moodle/moodle.git - v4.1.22;https://github.com/moodle/moodle.git - v5.1.1;https://github.com/moodle/moodle.git - v5.0.4

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): LOCAL
Attack Complexity (AC): LOW
Privileges Required (PR): LOW
User Interaction (UI): REQUIRED
Scope (S): UNCHANGED
Confidentiality (C): LOW
Integrity (I): HIGH
Availability (A): LOW

Do you need more information?

Contact Us