{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-04T15:01:27.395","vulnerabilities":[{"cve":{"id":"CVE-2025-67848","sourceIdentifier":"patrick@puiterwijk.org","published":"2026-02-03T11:15:54.107","lastModified":"2026-02-11T18:31:20.513","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in Moodle. This authentication bypass vulnerability allows suspended users to authenticate through the Learning Tools Interoperability (LTI) Provider. The issue arises from the LTI authentication handlers failing to enforce the user's suspension status, enabling unauthorized access to the system. This can lead to information disclosure or other unauthorized actions by users who should be restricted."},{"lang":"es","value":"Se encontró una falla en Moodle. Esta vulnerabilidad de omisión de autenticación permite a usuarios suspendidos autenticarse a través del Proveedor de Interoperabilidad de Herramientas de Aprendizaje (LTI). El problema surge de que los manejadores de autenticación LTI no aplican el estado de suspensión del usuario, lo que permite el acceso no autorizado al sistema. Esto puede llevar a la revelación de información o a otras acciones no autorizadas por parte de usuarios que deberían estar restringidos."}],"metrics":{"cvssMetricV31":[{"source":"patrick@puiterwijk.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":5.2}]},"weaknesses":[{"source":"patrick@puiterwijk.org","type":"Secondary","description":[{"lang":"en","value":"CWE-280"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*","versionEndExcluding":"4.1.22","matchCriteriaId":"A2DF3FD1-3A53-41D9-890B-F6DE973AB09C"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*","versionStartIncluding":"4.4.0","versionEndExcluding":"4.4.11","matchCriteriaId":"CED60CDC-8F12-481C-9ADD-8559860A2B3C"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*","versionStartIncluding":"4.5.0","versionEndExcluding":"4.5.8","matchCriteriaId":"C0CC5CF8-4808-41A5-B8A1-B0D6C575E5DC"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*","versionStartIncluding":"5.0.0","versionEndExcluding":"5.0.4","matchCriteriaId":"06F81442-AEEB-483D-90A9-93DDBA5B95D6"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:5.1.0:-:*:*:*:*:*:*","matchCriteriaId":"567FEE12-0E75-4F0C-B22E-E76990C80E1B"}]}]}],"references":[{"url":"https://access.redhat.com/security/cve/CVE-2025-67848","source":"patrick@puiterwijk.org","tags":["Third Party Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2423831","source":"patrick@puiterwijk.org","tags":["Issue Tracking","Third Party Advisory"]},{"url":"https://moodle.org/mod/forum/discuss.php?d=471298","source":"patrick@puiterwijk.org","tags":["Vendor Advisory"]}]}}]}