CVE-2025-67851

Summary

A flaw was found in moodle. This formula injection vulnerability occurs when data fields are exported without proper escaping. A remote attacker could exploit this by providing malicious data that, when exported and opened in a spreadsheet, allows arbitrary formulas to execute. This can lead to compromised data integrity and unintended operations within the spreadsheet.

Affected Software

VendorProductVersion RangeStatus
4.1.0 < 4.1.22affected
4.4.0 < 4.4.12affected
4.5.0 < 4.5.8affected
5.0.0 < 5.0.4affected
5.1.0 < 5.1.1affected

Weaknesses

  • CWE-1236: Improper Neutralization of Formula Elements in a CSV File

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References