Description
An issue was discovered in Mahara 23.04.8 and 24.04.4. Attackers may utilize escalation of privileges in certain cases when logging into Mahara with Learning Tools Interoperability (LTI).
References (2)
Core 2
Core References
Vendor Advisory
https://mahara.org/interaction/forum/topic.php?id=9594
Product
https://www.mahara.org
Scores
CVSS v3
8.8
EPSS
0.0029
EPSS Percentile
20.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-269
Status
published
Products (1)
mahara/mahara
< 23.04.9
Published
Aug 26, 2025
Tracked Since
Feb 18, 2026