CVE-2025-67856

EUVD-2025-206750
A flaw was found in Moodle. An authorization logic flaw, specifically due to incomplete role checks during the badge awarding process, allowed badges to be granted without proper verification. This could enable unauthorized users to obtain badges they are not entitled to, potentially leading to privilege escalation or unauthorized access to certain features.
| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | Primary | 5.4 MEDIUM | NETWORK | LOW | LOW | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N |
| fedora | CNA | 5.4 MEDIUM | NETWORK | LOW | LOW | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N |
EPSS Score Percentile: Unknown
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| moodle | moodle | 𝑥 < 4.1.22 |
| moodle | moodle | 4.4.0 ≤ 𝑥 < 4.4.12 |
| moodle | moodle | 4.5.0 ≤ 𝑥 < 4.5.8 |
| moodle | moodle | 5.0.0 ≤ 𝑥 < 5.0.4 |
| moodle | moodle | 5.1.0 |

𝑥 = Vulnerable software versions