CVE-2025-67847

HIGH SEVERITY

CVSS Score & Metrics

Base Score

8.8 / 10

Vector String

                                        CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H                                    

Vulnerability Description

A flaw was found in Moodle. An attacker with access to the restore interface could trigger server-side execution of arbitrary code. This is due to insufficient validation of restore input, which leads to unintended interpretation by core restore routines. Successful exploitation could result in a full compromise of the Moodle application.

Vulnerability Details

Published Date

January 23, 2026

Last Modified

January 26, 2026

CWE ID

CWE-94

Source

GitHub

Vendor

composer

Product

moodle/moodle

External References

https://nvd.nist.gov/vuln/detail/CVE-2025-67847
https://access.redhat.com/security/cve/CVE-2025-67847
https://github.com/advisories/GHSA-xvmh-25jw-gmmm

CVE-2025-67847

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment