CVE-2025-67848
HIGHMoodle < 4.1.22 - Authentication Bypass via LTI Provider
Title source: llmDescription
A flaw was found in Moodle. This authentication bypass vulnerability allows suspended users to authenticate through the Learning Tools Interoperability (LTI) Provider. The issue arises from the LTI authentication handlers failing to enforce the user's suspension status, enabling unauthorized access to the system. This can lead to information disclosure or other unauthorized actions by users who should be restricted.
References (3)
Core 3
Core References
Third Party Advisory vdb-entry
x_refsource_redhat
https://access.redhat.com/security/cve/CVE-2025-67848
Issue Tracking, Third Party Advisory issue-tracking
x_refsource_redhat
https://bugzilla.redhat.com/show_bug.cgi?id=2423831
Vendor Advisory
https://moodle.org/mod/forum/discuss.php?d=471298
Scores
CVSS v3
8.1
EPSS
0.0037
EPSS Percentile
28.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-280
Status
published
Products (3)
moodle/moodle
5.1.0
moodle/moodle
< 4.1.22
moodle/moodle
0 - 4.1.22Packagist
Published
Feb 03, 2026
Tracked Since
Feb 18, 2026