7.5
CVE-2025-67853
- EPSS 0.03%
- Veröffentlicht 03.02.2026 11:15:55
- Zuletzt bearbeitet 11.02.2026 18:32:38
- Quelle patrick@puiterwijk.org
- CVE-Watchlists
- Unerledigt
Moodle: moodle: brute-force facilitation due to missing rate limiting in confirmation email service
Password brute force risk from confirmation email web service
A flaw was found in Moodle. A remote attacker could exploit a lack of proper rate limiting in the confirmation email service. This vulnerability allows attackers to more easily enumerate or guess user credentials, facilitating brute-force attacks against user accounts.
Mögliche Gegenmaßnahme
Moodle Server: Update to a patched version.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
LoginWeitere Schwachstelleninformationen
SystemMoodle
≫
Produkt
Moodle Server
Version
< 4.1.0
Version
>= 5.1.0, < 5.1.1
Version
>= 5.0.0, < 5.0.4
Version
>= 4.5.0, < 4.5.8
Version
>= 4.4.0, < 4.4.12
Version
>= 4.1.0, < 4.1.22
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.03% | 0.094 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| patrick@puiterwijk.org | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
CWE-307 Improper Restriction of Excessive Authentication Attempts
The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame.