8.1
CVE-2025-67848
- EPSS 0.02%
- Veröffentlicht 03.02.2026 11:15:54
- Zuletzt bearbeitet 03.02.2026 16:44:03
- Quelle patrick@puiterwijk.org
- CVE-Watchlists
- Unerledigt
A flaw was found in Moodle. This authentication bypass vulnerability allows suspended users to authenticate through the Learning Tools Interoperability (LTI) Provider. The issue arises from the LTI authentication handlers failing to enforce the user's suspension status, enabling unauthorized access to the system. This can lead to information disclosure or other unauthorized actions by users who should be restricted.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
LoginDaten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
Collection URLhttps://github.com/moodle/moodle/
≫
Paket
moodle
Default Statusunaffected
Version <
4.1.22
Version
4.1.0
Status
affected
Version <
4.4.12
Version
4.4.0
Status
affected
Version <
4.5.8
Version
4.5.0
Status
affected
Version <
5.0.4
Version
5.0.0
Status
affected
Version <
5.1.1
Version
5.1.0
Status
affected
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.02% | 0.055 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| patrick@puiterwijk.org | 8.1 | 2.8 | 5.2 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
|
CWE-280 Improper Handling of Insufficient Permissions or Privileges
The product does not handle or incorrectly handles when it has insufficient privileges to access resources or functionality as specified by their permissions. This may cause it to follow unexpected code paths that may leave the product in an invalid state.