{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-12T14:22:57.248","vulnerabilities":[{"cve":{"id":"CVE-2025-67851","sourceIdentifier":"patrick@puiterwijk.org","published":"2026-02-03T11:15:55.367","lastModified":"2026-02-11T18:32:18.400","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in moodle. This formula injection vulnerability occurs when data fields are exported without proper escaping. A remote attacker could exploit this by providing malicious data that, when exported and opened in a spreadsheet, allows arbitrary formulas to execute. This can lead to compromised data integrity and unintended operations within the spreadsheet."},{"lang":"es","value":"Se encontró una falla en moodle. Esta vulnerabilidad de inyección de fórmulas ocurre cuando los campos de datos se exportan sin el escape adecuado. Un atacante remoto podría explotar esto al proporcionar datos maliciosos que, al exportarse y abrirse en una hoja de cálculo, permiten la ejecución de fórmulas arbitrarias. Esto puede llevar a un compromiso de la integridad de los datos y a operaciones no intencionadas dentro de la hoja de cálculo."}],"metrics":{"cvssMetricV31":[{"source":"patrick@puiterwijk.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"HIGH","availabilityImpact":"LOW"},"exploitabilityScore":1.3,"impactScore":4.7},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"patrick@puiterwijk.org","type":"Secondary","description":[{"lang":"en","value":"CWE-1236"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*","versionEndExcluding":"4.1.22","matchCriteriaId":"A2DF3FD1-3A53-41D9-890B-F6DE973AB09C"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*","versionStartIncluding":"4.4.0","versionEndExcluding":"4.4.11","matchCriteriaId":"CED60CDC-8F12-481C-9ADD-8559860A2B3C"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*","versionStartIncluding":"4.5.0","versionEndExcluding":"4.5.8","matchCriteriaId":"C0CC5CF8-4808-41A5-B8A1-B0D6C575E5DC"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*","versionStartIncluding":"5.0.0","versionEndExcluding":"5.0.4","matchCriteriaId":"06F81442-AEEB-483D-90A9-93DDBA5B95D6"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:5.1.0:-:*:*:*:*:*:*","matchCriteriaId":"567FEE12-0E75-4F0C-B22E-E76990C80E1B"}]}]}],"references":[{"url":"https://access.redhat.com/security/cve/CVE-2025-67851","source":"patrick@puiterwijk.org","tags":["Third Party Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2423841","source":"patrick@puiterwijk.org","tags":["Issue Tracking","Third Party Advisory"]},{"url":"https://moodle.org/mod/forum/discuss.php?d=471301","source":"patrick@puiterwijk.org","tags":["Vendor Advisory"]}]}}]}