Home > Vulnerability Database > CVE-2025-67857

Mend.io Vulnerability Database

CVE-2025-67857

Good to know:

Date: February 3, 2026

A flaw was found in moodle. During anonymous assignment submissions, user identifiers were inadvertently exposed in URLs. This data exposure allows unauthorized viewers to see internal user IDs, compromising the intended anonymity and potentially leading to information disclosure.

Severity Score

4.3

Related Resources (8)

Url: https://access.redhat.com/security/cve/CVE-2025-67857

Url: https://github.com/moodle/moodle/commit/ac30e7e19357f696979b7ffd760a7131b6ad88f6

Url: https://moodle.org/mod/forum/discuss.php?d=471307

Url: https://github.com/moodle/moodle

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-67857

Url: https://bugzilla.redhat.com/show_bug.cgi?id=2423868

Url: https://github.com/moodle/moodle/commit/c6cb8d971257c04a12a2c5d8510a89cb906f46f0

Url: https://www.mend.io/vulnerability-database/CVE-2025-67857

Severity Score

4.3

Weakness Type (CWE)

Insertion of Sensitive Information Into Sent Data

CWE-201

Top Fix

Upgrade Version

Upgrade to version moodle/moodle - v4.1.22;moodle/moodle - v4.4.12;moodle/moodle - v5.0.4;moodle/moodle - v5.1.1;moodle/moodle - v4.5.8;https://github.com/moodle/moodle.git - v4.5.8;https://github.com/moodle/moodle.git - v4.4.12;https://github.com/moodle/moodle.git - v4.1.22;https://github.com/moodle/moodle.git - v5.1.1;https://github.com/moodle/moodle.git - v5.0.4

Learn More

CVSS v3.1

Base Score:	4.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2025-67857

Good to know:

Date: February 3, 2026

Severity Score

Related Resources (8)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?