Vulnerability Monitor


CVE-2025-67856


A flaw was found in Moodle. An authorization logic flaw, specifically due to incomplete role checks during the badge awarding process, allowed badges to be granted without proper verification. This could enable unauthorized users to obtain badges they are not entitled to, potentially leading to privilege escalation or unauthorized access to certain features.


Published

2026-02-03T11:15:55.963

Last Modified

2026-02-11T18:58:00.007

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 5.4 (MEDIUM)

Weaknesses
  • Type: Primary
    NVD-CWE-noinfo

Affected Vendors & Products
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | moodle | moodle | < 4.1.22 | Yes |
| Application | moodle | moodle | < 4.4.12 | Yes |
| Application | moodle | moodle | < 4.5.8 | Yes |
| Application | moodle | moodle | < 5.0.4 | Yes |
| Application | moodle | moodle | 5.1.0 | Yes |

References