Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-67848

Summary
Assigner-fedora
Assigner Org ID-92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5
Published At-03 Feb, 2026 | 10:51
Updated At-04 Feb, 2026 | 04:55
Rejected At-
Credits

Moodle: moodle: authentication bypass via lti provider allows suspended users to gain unauthorized access.

A flaw was found in Moodle. This authentication bypass vulnerability allows suspended users to authenticate through the Learning Tools Interoperability (LTI) Provider. The issue arises from the LTI authentication handlers failing to enforce the user's suspension status, enabling unauthorized access to the system. This can lead to information disclosure or other unauthorized actions by users who should be restricted.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:fedora
Assigner Org ID:92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5
Published At:03 Feb, 2026 | 10:51
Updated At:04 Feb, 2026 | 04:55
Rejected At:
▼CVE Numbering Authority (CNA)
Moodle: moodle: authentication bypass via lti provider allows suspended users to gain unauthorized access.

A flaw was found in Moodle. This authentication bypass vulnerability allows suspended users to authenticate through the Learning Tools Interoperability (LTI) Provider. The issue arises from the LTI authentication handlers failing to enforce the user's suspension status, enabling unauthorized access to the system. This can lead to information disclosure or other unauthorized actions by users who should be restricted.

Affected Products
Collection URL
https://github.com/moodle/moodle/
Package Name
moodle
Default Status
unaffected
Versions
Affected
  • From 4.1.0 before 4.1.22 (semver)
  • From 4.4.0 before 4.4.12 (semver)
  • From 4.5.0 before 4.5.8 (semver)
  • From 5.0.0 before 5.0.4 (semver)
  • From 5.1.0 before 5.1.1 (semver)
Problem Types
TypeCWE IDDescription
CWECWE-280Improper Handling of Insufficient Permissions or Privileges
Type: CWE
CWE ID: CWE-280
Description: Improper Handling of Insufficient Permissions or Privileges
Metrics
VersionBase scoreBase severityVector
3.18.1HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Version: 3.1
Base score: 8.1
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Metrics Other Info
Red Hat severity rating
value:
Important
namespace:
https://access.redhat.com/security/updates/classification/
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Red Hat would like to thank Attilio Ferrari for reporting this issue.
Timeline
EventDate
Reported to Red Hat.2025-12-19 11:53:00
Made public.2025-12-15 04:00:00
Event: Reported to Red Hat.
Date: 2025-12-19 11:53:00
Event: Made public.
Date: 2025-12-15 04:00:00
Replaced By
Rejected Reason
References
HyperlinkResource
https://access.redhat.com/security/cve/CVE-2025-67848
vdb-entry
x_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2423831
issue-tracking
x_refsource_REDHAT
https://moodle.org/mod/forum/discuss.php?d=471298
N/A
Hyperlink: https://access.redhat.com/security/cve/CVE-2025-67848
Resource:
vdb-entry
x_refsource_REDHAT
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=2423831
Resource:
issue-tracking
x_refsource_REDHAT
Hyperlink: https://moodle.org/mod/forum/discuss.php?d=471298
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:patrick@puiterwijk.org
Published At:03 Feb, 2026 | 11:15
Updated At:11 Feb, 2026 | 18:31

A flaw was found in Moodle. This authentication bypass vulnerability allows suspended users to authenticate through the Learning Tools Interoperability (LTI) Provider. The issue arises from the LTI authentication handlers failing to enforce the user's suspension status, enabling unauthorized access to the system. This can lead to information disclosure or other unauthorized actions by users who should be restricted.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.18.1HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Type: Secondary
Version: 3.1
Base score: 8.1
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
CPE Matches
Moodle Pty Ltd
moodle
>>moodle>>Versions before 4.1.22(exclusive)
cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*
Moodle Pty Ltd
moodle
>>moodle>>Versions from 4.4.0(inclusive) to 4.4.11(exclusive)
cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*
Moodle Pty Ltd
moodle
>>moodle>>Versions from 4.5.0(inclusive) to 4.5.8(exclusive)
cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*
Moodle Pty Ltd
moodle
>>moodle>>Versions from 5.0.0(inclusive) to 5.0.4(exclusive)
cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*
Moodle Pty Ltd
moodle
>>moodle>>5.1.0
cpe:2.3:a:moodle:moodle:5.1.0:-:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-280Secondarypatrick@puiterwijk.org
CWE ID: CWE-280
Type: Secondary
Source: patrick@puiterwijk.org
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://access.redhat.com/security/cve/CVE-2025-67848patrick@puiterwijk.org
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2423831patrick@puiterwijk.org
Issue Tracking
Third Party Advisory
https://moodle.org/mod/forum/discuss.php?d=471298patrick@puiterwijk.org
Vendor Advisory
Hyperlink: https://access.redhat.com/security/cve/CVE-2025-67848
Source: patrick@puiterwijk.org
Resource:
Third Party Advisory
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=2423831
Source: patrick@puiterwijk.org
Resource:
Issue Tracking
Third Party Advisory
Hyperlink: https://moodle.org/mod/forum/discuss.php?d=471298
Source: patrick@puiterwijk.org
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

5Records found
CVE-2020-1692
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-8.1||HIGH
EPSS-0.17% / 37.99%
||
7 Day CHG~0.00%
Published-17 Feb, 2020 | 15:38
Updated-04 Aug, 2024 | 06:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Moodle before version 3.7.2 is vulnerable to information exposure of service tokens for users enrolled in the same course.

Action-Not Available
Vendor-Moodle Pty Ltd
Product-moodlemoodle
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-43702
Matching Score-4
Assigner-Imagination Technologies
ShareView Details
Matching Score-4
Assigner-Imagination Technologies
CVSS Score-8.1||HIGH
EPSS-0.09% / 26.08%
||
7 Day CHG~0.00%
Published-30 Nov, 2024 | 02:30
Updated-01 Dec, 2024 | 23:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
GPU DDK - MLIST/PM render state buffers writable allowing arbitrary writes to kernel memory pages

Software installed and run as a non-privileged user may conduct improper GPU system calls to allow unprivileged access to arbitrary physical memory page.

Action-Not Available
Vendor-Imagination Technologies Limited
Product-Graphics DDKddk
CWE ID-CWE-280
Improper Handling of Insufficient Permissions or Privileges
CVE-2025-62510
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.1||HIGH
EPSS-0.04% / 11.55%
||
7 Day CHG~0.00%
Published-20 Oct, 2025 | 17:39
Updated-04 Dec, 2025 | 19:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
FileRise insecure folder visibility via name-based mapping and incomplete ACL checks

FileRise is a self-hosted web-based file manager with multi-file upload, editing, and batch operations. In version 1.4.0, a regression allowed folder visibility/ownership to be inferred from folder names. Low-privilege users could see or interact with folders matching their username and, in some cases, other users’ content. This issue has been patched in version 1.5.0, where it introduces explicit per-folder ACLs (owners/read/write/share/read_own) and strict server-side checks across list, read, write, share, rename, copy/move, zip, and WebDAV paths.

Action-Not Available
Vendor-fileriseerror311
Product-fileriseFileRise
CWE ID-CWE-280
Improper Handling of Insufficient Permissions or Privileges
CWE ID-CWE-284
Improper Access Control
CVE-2020-29031
Matching Score-4
Assigner-Secomea A/S
ShareView Details
Matching Score-4
Assigner-Secomea A/S
CVSS Score-7.1||HIGH
EPSS-0.22% / 43.92%
||
7 Day CHG~0.00%
Published-15 Feb, 2021 | 15:52
Updated-04 Aug, 2024 | 16:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Insecure Direct Object Reference in GateManager WebUI can cause privilege escalation

An Insecure Direct Object Reference vulnerability exists in the web UI of the GateManager which allows an authenticated attacker to reset the password of any user in its domain or any sub-domain, via escalation of privileges. This issue affects all GateManager versions prior to 9.2c

Action-Not Available
Vendor-Secomea A/S
Product-gatemanager_9250_firmwaregatemanager_8250gatemanager_8250_firmwaregatemanager_9250gatemanager_4250gatemanager_4260gatemanager_4250_firmwaregatemanager_4260_firmwareGateManager
CWE ID-CWE-280
Improper Handling of Insufficient Permissions or Privileges
CWE ID-CWE-269
Improper Privilege Management
CVE-2025-62509
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.1||HIGH
EPSS-0.04% / 11.55%
||
7 Day CHG~0.00%
Published-20 Oct, 2025 | 17:38
Updated-04 Dec, 2025 | 19:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
FileRise improper ownership/permission validation allowed cross-tenant file operations

FileRise is a self-hosted web-based file manager with multi-file upload, editing, and batch operations. Prior to version 1.4.0, a business logic flaw in FileRise’s file/folder handling allows low-privilege users to perform unauthorized operations (view/delete/modify) on files created by other users. The root cause was inferring ownership/visibility from folder names (e.g., a folder named after a username) and missing server-side authorization/ownership checks across file operation endpoints. This amounted to an IDOR pattern: an attacker could operate on resources identified only by predictable names. This issue has been patched in version 1.4.0 and further hardened in version 1.5.0. A workaround for this issue involves restricting non-admin users to read-only or disable delete/rename APIs server-side, avoid creating top-level folders named after other usernames, and adding server-side checks that verify ownership before delete/rename/move.

Action-Not Available
Vendor-fileriseerror311
Product-fileriseFileRise
CWE ID-CWE-280
Improper Handling of Insufficient Permissions or Privileges
CWE ID-CWE-284
Improper Access Control
Details not found