CVE-2025-67856 · CRITICAL 9.8 · EPSS p18.7%

Description

A flaw was found in Moodle. An authorization logic flaw, specifically due to incomplete role checks during the badge awarding process, allowed badges to be granted without proper verification. This could enable unauthorized users to obtain badges they are not entitled to, potentially leading to privilege escalation or unauthorized access to certain features.

Scoring

CVSS 3.1: 9.8 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.27% probability of exploitation · percentile 18.7% · 2026-06-18T12:00:27Z
Published: 2026-02-03
Last modified: 2026-02-26

Underlying weaknesses · 1

CWE-863

References

  1. https://access.redhat.com/security/cve/CVE-2025-67856
  2. https://bugzilla.redhat.com/show_bug.cgi?id=2423864

Type | Target | Confidence | Tier
Weakness | Incorrect Authorization cwe-863 | 0% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE: CVE-2025-67848
CVE: CVE-2025-67847
CVE: CVE-2025-3642
CVE: CVE-2025-3641
CVE: CVE-2025-15656
CVE: CVE-2025-3638

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.