CVE-2025-67849 — Moodle: moodle: cross-site scripting (xss) via improper sanitization of ai promp

Description

A flaw was found in Moodle. This cross-site scripting (XSS) vulnerability, caused by improper sanitization of AI prompt responses, allows attackers to inject malicious HTML or script into web pages. When other users view these compromised pages, their sessions could be stolen, or the user interface could be manipulated.

How to fix CVE-2025-67849

To remediate CVE-2025-67849, upgrade the affected package to a fixed version below.

—upgrade to 4.5.8 or later
—upgrade to 4.1.22 or later

Is CVE-2025-67849 being exploited?

Low — EPSS is 0.0%, meaning exploitation activity has not been observed at scale.

Affected packages (2)

>= 4.5.0, < 4.5.8, >= 5.0.0, < 5.0.4, >= 5.1.0, < 5.1.1
from 0, < 4.1.22

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	HIGH7.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N

References (6)

ADVISORYnvd.nist.gov/vuln/detail/CVE-2025-67849
PATCHgithub.com/moodle/moodle
WEBaccess.redhat.com/security/cve/CVE-2025-67849
WEBbugzilla.redhat.com/show_bug.cgi?id=2423835
WEB