CVE-2025-67852
MEDIUM WAF: Medium
CVSS 6.1
Published: 2026-02-03
CWE-601
A flaw was found in Moodle. An open redirect vulnerability in the OAuth login flow allows a remote attacker to redirect users to attacker-controlled pages after they have successfully authenticated. This occurs due to insufficient validation of redirect parameters, which could lead to phishing attacks or information disclosure.
WAF Coverage Analysis
Open Redirect
Medium WAF Coverage
OWASP: A01:2021 Broken Access Control
941xxx - XSS / XXE
Affected Software
| Vendor | Product | Version |
|---|---|---|
| moodle | moodle | up to 4.1.22 |
| moodle | moodle | 4.4.0 - 4.4.11 |
| moodle | moodle | 4.5.0 - 4.5.8 |
| moodle | moodle | 5.0.0 - 5.0.4 |
| moodle | moodle | 5.1.0 |
References
- access.redhat.com (Third Party Advisory)
- bugzilla.redhat.com (Third Party Advisory, Issue Tracking)