Skip to main content

Moodle CVE-2025-67851

MEDIUM
Improper Neutralization of Formula Elements in a CSV File (CWE-1236)
2026-02-03 patrick@puiterwijk.org GHSA-qfh6-h7j6-fvjv
Moodle
6.1
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.1 MEDIUM
AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
Required
Scope
Unchanged
Confidentiality
Low
Integrity
High
Availability
Low

Lifecycle Timeline

3
Patch released
Mar 31, 2026 - 21:13 nvd
Patch available
Analysis Generated
Mar 12, 2026 - 21:54 vuln.today
CVE Published
Feb 03, 2026 - 11:15 nvd
MEDIUM 6.1

DescriptionCVE.org

A flaw was found in moodle. This formula injection vulnerability occurs when data fields are exported without proper escaping. A remote attacker could exploit this by providing malicious data that, when exported and opened in a spreadsheet, allows arbitrary formulas to execute. This can lead to compromised data integrity and unintended operations within the spreadsheet.

AnalysisAI

A flaw was found in moodle. This formula injection vulnerability occurs when data fields are exported without proper escaping. [CVSS 6.1 MEDIUM]

Technical ContextAI

Classified as CWE-1236 (Improper Neutralization of Formula Elements in a CSV File). Affects Moodle. A flaw was found in moodle. This formula injection vulnerability occurs when data fields are exported without proper escaping. A remote attacker could exploit this by providing malicious data that, when exported and opened in a spreadsheet, allows arbitrary formulas to execute. This can lead to compromised data integrity and unintended operations within the spreadsheet.

RemediationAI

Monitor vendor advisories for a patch.

Share

CVE-2025-67851 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy