CVE-2025-67852

EUVD-2025-206747
A flaw was found in Moodle. An open redirect vulnerability in the OAuth login flow allows a remote attacker to redirect users to attacker-controlled pages after they have successfully authenticated. This occurs due to insufficient validation of redirect parameters, which could lead to phishing attacks or information disclosure.
Open Redirect
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
3.5 LOW
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
fedoraCNA
3.5 LOW
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
moodlemoodle
𝑥
< 4.1.22
moodlemoodle
4.4.0 ≤
𝑥
< 4.4.11
moodlemoodle
4.5.0 ≤
𝑥
< 4.5.8
moodlemoodle
5.0.0 ≤
𝑥
< 5.0.4
moodlemoodle
5.1.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://access.redhat.com/security/cve/CVE-2025-67852
https://bugzilla.redhat.com/show_bug.cgi?id=2423844