What is the CVSS score of CVE-2025-67848?

CVE-2025-67848 has a CVSS 3.1 base score of 8.1 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N. EPSS exploitation probability: 0.1%.

Which versions of Moodle are affected by CVE-2025-67848?

A critical authentication bypass vulnerability in Moodle's LTI Provider integration allows attackers to gain unauthorized access to learning management systems without valid credentials.. A patch is available.

How to fix or mitigate CVE-2025-67848?

Within 24 hours: Disable LTI Provider functionality if operationally feasible, or restrict LTI integrations to trusted partners only; audit recent LTI authentication logs for suspicious activity. Within 7 days: Implement network segmentation to limit LTI endpoint exposure; deploy WAF rules to detect anomalous LTI authentication patterns; establish incident response procedures. Within 30 days: Monitor Moodle security advisories for patch release; conduct security assessment of LTI configurations; prepare patch deployment testing in non-production environment.

Moodle CVE-2025-67848

HIGH

Improper Handling of Insufficient Permissions or Privileges (CWE-280)

2026-02-03 patrick@puiterwijk.org

GHSA-j5jv-w5cw-j9ff

Moodle Authentication Bypass Information Disclosure

8.1

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

8.1 HIGH

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

None

Lifecycle Timeline

Patch released

Mar 31, 2026 - 21:13 nvd

Patch available

Analysis Generated

Mar 12, 2026 - 21:54 vuln.today

CVE Published

Feb 03, 2026 - 11:15 nvd

HIGH 8.1

DescriptionCVE.org

A flaw was found in Moodle. This authentication bypass vulnerability allows suspended users to authenticate through the Learning Tools Interoperability (LTI) Provider. The issue arises from the LTI authentication handlers failing to enforce the user's suspension status, enabling unauthorized access to the system. This can lead to information disclosure or other unauthorized actions by users who should be restricted.

AnalysisAI

Moodle contains a vulnerability that allows attackers to authenticate through the Learning Tools Interoperability (LTI) Provider (CVSS 8.1).

Technical ContextAI

affects Moodle. was found in Moodle. This authentication bypass vulnerability allows suspended users to authenticate through the Learning Tools Interoperability (LTI) Provider. The issue arises from the LTI authentication handlers failing to enforce the user's suspension status, enabling unauthorized access to the system. This can lead to information disclosure or other unauthorized actions by users who should be restricted.

RemediationAI

Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.

CVE-2025-67848 vulnerability details – vuln.today

Back