What is the CVSS score of CVE-2025-67852?

CVE-2025-67852 has a CVSS 3.1 base score of 3.5 (Low). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N. EPSS exploitation probability: 0.0%.

Which versions of Moodle are affected by CVE-2025-67852?

CVE-2025-67852 is a low-severity vulnerability in A flaw (CVSS 3.5). The limited severity suggests constrained impact, typically requiring specific conditions or local access for exploitation.. A patch is available.

How to fix or mitigate CVE-2025-67852?

During next maintenance window: Apply vendor patches when convenient. Monitor vendor channels for updates.

Moodle CVE-2025-67852

LOW

URL Redirection to Untrusted Site (Open Redirect) (CWE-601)

2026-02-03 patrick@puiterwijk.org

GHSA-qv78-6gpp-hm68

Moodle Information Disclosure Open Redirect

3.5

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

3.5 LOW

AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

Required

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

None

Lifecycle Timeline

Patch released

Mar 31, 2026 - 21:13 nvd

Patch available

Analysis Generated

Mar 12, 2026 - 21:54 vuln.today

CVE Published

Feb 03, 2026 - 11:15 nvd

LOW 3.5

DescriptionCVE.org

A flaw was found in Moodle. An open redirect vulnerability in the OAuth login flow allows a remote attacker to redirect users to attacker-controlled pages after they have successfully authenticated. This occurs due to insufficient validation of redirect parameters, which could lead to phishing attacks or information disclosure.

AnalysisAI

Technical ContextAI

Classified as CWE-601 (URL Redirection to Untrusted Site (Open Redirect)). Affects Moodle. A flaw was found in Moodle. An open redirect vulnerability in the OAuth login flow allows a remote attacker to redirect users to attacker-controlled pages after they have successfully authenticated. This occurs due to insufficient validation of redirect parameters, which could lead to phishing attacks or information disclosure.

RemediationAI

Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.

CVE-2025-67852 vulnerability details – vuln.today

Back