Home > Vulnerability Database > CVE-2025-67856

Mend.io Vulnerability Database

CVE-2025-67856

Good to know:

Date: February 3, 2026

A flaw was found in Moodle. An authorization logic flaw, specifically due to incomplete role checks during the badge awarding process, allowed badges to be granted without proper verification. This could enable unauthorized users to obtain badges they are not entitled to, potentially leading to privilege escalation or unauthorized access to certain features.

Severity Score

5.4

Related Resources (7)

Url: https://access.redhat.com/security/cve/CVE-2025-67856

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-67856

Url: https://bugzilla.redhat.com/show_bug.cgi?id=2423864

Url: https://github.com/moodle/moodle

Url: https://moodle.org/mod/forum/discuss.php?d=471306

Url: https://github.com/moodle/moodle/commit/0d48779e61bcacbabbcb82858a037b567351fce0

Url: https://www.mend.io/vulnerability-database/CVE-2025-67856

Severity Score

5.4

Weakness Type (CWE)

Incorrect Authorization

CWE-863

Top Fix

Upgrade Version

Upgrade to version moodle/moodle - v4.1.22;moodle/moodle - v4.4.12;moodle/moodle - v5.0.4;https://github.com/moodle/moodle.git - v4.4.12;https://github.com/moodle/moodle.git - v4.1.22;https://github.com/moodle/moodle.git - v5.0.4;https://github.com/moodle/moodle.git - v4.5.8

Learn More

CVSS v3.1

Base Score:	5.4
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2025-67856

Good to know:

Date: February 3, 2026

Severity Score

Related Resources (7)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?