How to fix CVE-2025-67848?

Within 24 hours: Disable LTI Provider functionality if operationally feasible, or restrict LTI integrations to trusted partners only; audit recent LTI authentication logs for suspicious activity. Within 7 days: Implement network segmentation to limit LTI endpoint exposure; deploy WAF rules to detect anomalous LTI authentication patterns; establish incident response procedures. Within 30 days: Monitor Moodle security advisories for patch release; conduct security assessment of LTI configurations; prepare patch deployment testing in non-production environment.

Is Moodle affected by CVE-2025-67848?

A critical authentication bypass vulnerability in Moodle's LTI Provider integration allows attackers to gain unauthorized access to learning management systems without valid credentials.

CVE-2025-67848

HIGH

2026-02-03 [email protected]

GHSA-j5jv-w5cw-j9ff

8.1

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

None

Lifecycle Timeline

Patch Released

Mar 31, 2026 - 21:13 nvd

Patch available

Analysis Generated

Mar 12, 2026 - 21:54 vuln.today

CVE Published

Feb 03, 2026 - 11:15 nvd

HIGH 8.1

Description

A flaw was found in Moodle. This authentication bypass vulnerability allows suspended users to authenticate through the Learning Tools Interoperability (LTI) Provider. The issue arises from the LTI authentication handlers failing to enforce the user's suspension status, enabling unauthorized access to the system. This can lead to information disclosure or other unauthorized actions by users who should be restricted.

Analysis

Moodle contains a vulnerability that allows attackers to authenticate through the Learning Tools Interoperability (LTI) Provider (CVSS 8.1).

Technical Context

affects Moodle. was found in Moodle. This authentication bypass vulnerability allows suspended users to authenticate through the Learning Tools Interoperability (LTI) Provider. The issue arises from the LTI authentication handlers failing to enforce the user's suspension status, enabling unauthorized access to the system. This can lead to information disclosure or other unauthorized actions by users who should be restricted.

Affected Products

Vendor: Moodle. Product: Moodle.

Remediation

Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.1

CVSS: +40

POC: 0

CVE-2025-67848 vulnerability details – vuln.today

Back

CVE-2025-67848

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

CVE-2025-67848

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

External POC / Exploit Code