CVE-2025-67847

Summary

A flaw was found in Moodle. An attacker with access to the restore interface could trigger server-side execution of arbitrary code. This is due to insufficient validation of restore input, which leads to unintended interpretation by core restore routines. Successful exploitation could result in a full compromise of the Moodle application.

Affected Software

VendorProductVersion RangeStatus
5.1.0 < 5.1.1affected
5.0.0 < 5.0.4affected
4.5.0 < 4.5.8affected
4.4.0 < 4.4.12affected
4.1.0 < 4.1.22affected
0 < 4.1.0affected

Weaknesses

  • CWE-94: Improper Control of Generation of Code ('Code Injection')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References