CVE-2025-67851

MEDIUM
2026-02-03 [email protected] GHSA-qfh6-h7j6-fvjv
6.1
CVSS 3.1
Share

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
Required
Scope
Unchanged
Confidentiality
Low
Integrity
High
Availability
Low

Lifecycle Timeline

3
Patch Released
Mar 31, 2026 - 21:13 nvd
Patch available
Analysis Generated
Mar 12, 2026 - 21:54 vuln.today
CVE Published
Feb 03, 2026 - 11:15 nvd
MEDIUM 6.1

Tags

Moodle

Description

A flaw was found in moodle. This formula injection vulnerability occurs when data fields are exported without proper escaping. A remote attacker could exploit this by providing malicious data that, when exported and opened in a spreadsheet, allows arbitrary formulas to execute. This can lead to compromised data integrity and unintended operations within the spreadsheet.

Analysis

A flaw was found in moodle. This formula injection vulnerability occurs when data fields are exported without proper escaping. [CVSS 6.1 MEDIUM]

Technical Context

Classified as CWE-1236 (Improper Neutralization of Formula Elements in a CSV File). Affects Moodle. A flaw was found in moodle. This formula injection vulnerability occurs when data fields are exported without proper escaping. A remote attacker could exploit this by providing malicious data that, when exported and opened in a spreadsheet, allows arbitrary formulas to execute. This can lead to compromised data integrity and unintended operations within the spreadsheet.

Affected Products

Vendor: Moodle. Product: Moodle.

Remediation

Monitor vendor advisories for a patch.

Priority Score

31
Low Medium High Critical
KEV: 0
EPSS: +0.0
CVSS: +30
POC: 0

Share

CVE-2025-67851 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy