CVE-2025-67851

EUVD-2025-206735
A flaw was found in moodle. This formula injection vulnerability occurs when data fields are exported without proper escaping. A remote attacker could exploit this by providing malicious data that, when exported and opened in a spreadsheet, allows arbitrary formulas to execute. This can lead to compromised data integrity and unintended operations within the spreadsheet.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.1 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L
fedoraCNA
6.1 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
moodlemoodle
𝑥
< 4.1.22
moodlemoodle
4.4.0 ≤
𝑥
< 4.4.11
moodlemoodle
4.5.0 ≤
𝑥
< 4.5.8
moodlemoodle
5.0.0 ≤
𝑥
< 5.0.4
moodlemoodle
5.1.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://access.redhat.com/security/cve/CVE-2025-67851
https://bugzilla.redhat.com/show_bug.cgi?id=2423841
https://moodle.org/mod/forum/discuss.php?d=471301