Description
A flaw was found in Moodle. An attacker with access to the restore interface could trigger server-side execution of arbitrary code. This is due to insufficient validation of restore input, which leads to unintended interpretation by core restore routines. Successful exploitation could result in a full compromise of the Moodle application.
Problem types
Improper Control of Generation of Code ('Code Injection')
Product status
5.1.0 (semver) before 5.1.1
5.0.0 (semver) before 5.0.4
4.5.0 (semver) before 4.5.8
4.4.0 (semver) before 4.4.12
4.1.0 (semver) before 4.1.22
Any version before 4.1.0
Timeline
| Date | Event |
| --- | --- |
| 2025-12-19 | Reported to Red Hat. |
| 2025-12-15 | Made public. |
Credits
Red Hat would like to thank Dinhnhi for reporting this issue.
References
access.redhat.com/security/cve/CVE-2025-67847