BIT-moodle-2025-67856

See a problem?

Import Source

https://github.com/bitnami/vulndb/tree/main/data/moodle/BIT-moodle-2025-67856.json

JSON Data

https://api.osv.dev/v1/vulns/BIT-moodle-2025-67856

Aliases

Published

2026-02-12T08:51:12.105Z

Modified

2026-02-12T09:26:15.959410Z

Summary

Moodle: moodle: privilege escalation via incomplete role checks in badge awarding

Details

A flaw was found in Moodle. An authorization logic flaw, specifically due to incomplete role checks during the badge awarding process, allowed badges to be granted without proper verification. This could enable unauthorized users to obtain badges they are not entitled to, potentially leading to privilege escalation or unauthorized access to certain features.

Database specific

{
    "cpes": [
        "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*"
    ],
    "severity": "Critical"
}

References

Affected packages

Bitnami / moodle

Package

Name: moodle
Purl: pkg:bitnami/moodle

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.1.22

Introduced

4.4.0

Fixed

4.4.12

Introduced

4.5.0

Fixed

4.5.8

Introduced

5.0.0

Fixed

5.0.4

Introduced

5.1.0

Fixed

5.1.1

Database specific

source

"https://github.com/bitnami/vulndb/tree/main/data/moodle/BIT-moodle-2025-67856.json"