CVE-2025-67856

MEDIUM 5.4 | EPSS 0.02%

Moodle has an authorization logic flaw

Published: 2026/2/3 | Modified: 2026/2/12
Also known as: GHSA-hcm6-q6pc-xfhm, BIT-moodle-2025-67856

Description

A flaw was found in Moodle. An authorization logic flaw, specifically due to incomplete role checks during the badge awarding process, allowed badges to be granted without proper verification. This could enable unauthorized users to obtain badges they are not entitled to, potentially leading to privilege escalation or unauthorized access to certain features.

Affected packages (2)

CVSS scores

Source | Version | Severity | Vector
osv | CVSS 3.1 | MEDIUM 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

References (6)