Home > Vulnerability Database > CVE-2025-67852

Mend.io Vulnerability Database

CVE-2025-67852

Good to know:

Date: February 3, 2026

A flaw was found in Moodle. An open redirect vulnerability in the OAuth login flow allows a remote attacker to redirect users to attacker-controlled pages after they have successfully authenticated. This occurs due to insufficient validation of redirect parameters, which could lead to phishing attacks or information disclosure.

Severity Score

3.5

Related Resources (7)

Url: https://moodle.org/mod/forum/discuss.php?d=471302

Url: https://access.redhat.com/security/cve/CVE-2025-67852

Url: https://github.com/moodle/moodle

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-67852

Url: https://bugzilla.redhat.com/show_bug.cgi?id=2423844

Url: https://github.com/moodle/moodle/commit/fa1624c8c9e3efa917f0e9d2666bb59d8be2a975

Url: https://www.mend.io/vulnerability-database/CVE-2025-67852

Severity Score

3.5

Weakness Type (CWE)

URL Redirection to Untrusted Site ('Open Redirect')

CWE-601

Top Fix

Upgrade Version

Upgrade to version moodle/moodle - v4.1.22;moodle/moodle - v4.4.12;moodle/moodle - v4.5.8;moodle/moodle - v5.0.4;moodle/moodle - v5.1.1;https://github.com/moodle/moodle.git - v4.5.8;https://github.com/moodle/moodle.git - v4.4.12;https://github.com/moodle/moodle.git - v4.1.22;https://github.com/moodle/moodle.git - v5.1.1;https://github.com/moodle/moodle.git - v5.0.4

Learn More

CVSS v3.1

Base Score:	3.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2025-67852

Good to know:

Date: February 3, 2026

Severity Score

Related Resources (7)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?