What is the CVSS score of CVE-2025-67849?

CVE-2025-67849 has a CVSS 3.1 base score of 7.3 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N. EPSS exploitation probability: 0.0%.

Which versions of Moodle are affected by CVE-2025-67849?

CVE-2025-67849 is a cross-site scripting (XSS) vulnerability in Moodle's AI prompt response handling that could allow attackers to inject malicious code affecting students, instructors, and staff.. A patch is available.

How to fix or mitigate CVE-2025-67849?

Within 24 hours: Disable AI-assisted features in Moodle or restrict access to trusted users only; audit logs for suspicious AI prompt activity. Within 7 days: Deploy WAF rules to filter XSS payloads in AI prompt responses; conduct user awareness training on phishing risks. Within 30 days: Monitor vendor advisories for patch release; prepare deployment plan with testing; implement input validation on all user-facing AI features.

Moodle CVE-2025-67849

HIGH

Cross-site Scripting (XSS) (CWE-79)

2026-02-03 patrick@puiterwijk.org

GHSA-mhf6-pp52-8wqj

Moodle XSS AI / ML

7.3

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

7.3 HIGH

AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

None

Lifecycle Timeline

Patch released

Mar 31, 2026 - 21:13 nvd

Patch available

Analysis Generated

Mar 12, 2026 - 21:54 vuln.today

CVE Published

Feb 03, 2026 - 11:15 nvd

HIGH 7.3

DescriptionCVE.org

A flaw was found in Moodle. This cross-site scripting (XSS) vulnerability, caused by improper sanitization of AI prompt responses, allows attackers to inject malicious HTML or script into web pages. When other users view these compromised pages, their sessions could be stolen, or the user interface could be manipulated.

AnalysisAI

Technical ContextAI

Classified as CWE-79 (Cross-site Scripting (XSS)). Affects Moodle. A flaw was found in Moodle. This cross-site scripting (XSS) vulnerability, caused by improper sanitization of AI prompt responses, allows attackers to inject malicious HTML or script into web pages. When other users view these compromised pages, their sessions could be stolen, or the user interface could be manipulated.

RemediationAI

Monitor vendor advisories for a patch. Implement output encoding and Content Security Policy headers. Restrict network access to the affected service where possible.

CVE-2025-67849 vulnerability details – vuln.today

Back