CVE-2025-67850 — Moodle vulnerable to Cross-site Scripting

Description

A flaw was found in Moodle. This vulnerability, known as Cross-site Scripting (XSS), occurs due to insufficient checks on user-provided data in the formula editor's arithmetic expression fields. A remote attacker could inject malicious code into these fields. When other users view these expressions, the malicious code would execute in their web browsers, potentially compromising their data or leading to unauthorized actions.

How to fix CVE-2025-67850

To remediate CVE-2025-67850, upgrade the affected package to a fixed version below.

—upgrade to 4.1.22 or later
—upgrade to 4.1.22 or later

Is CVE-2025-67850 being exploited?

Low — EPSS is 0.0%, meaning exploitation activity has not been observed at scale.

Affected packages (2)

from 0, < 4.1.22, >= 4.4.0, < 4.4.11, >= 4.5.0, < 4.5.8, >= 5.0.0, < 5.0.4, >= 5.1.0, < 5.1.1
from 0, < 4.1.22

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	HIGH7.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N

References (6)

ADVISORYnvd.nist.gov/vuln/detail/CVE-2025-67850
PATCHgithub.com/moodle/moodle
WEBaccess.redhat.com/security/cve/CVE-2025-67850
WEBbugzilla.redhat.com/show_bug.cgi?id=2423838
WEB