CVE-2025-67847

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-67847

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-67847.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-67847

Aliases

Downstream

UBUNTU-CVE-2025-67847

Published

2026-01-23T05:16:24.250Z

Modified

2026-04-10T05:34:53.560080Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

A flaw was found in Moodle. An attacker with access to the restore interface could trigger server-side execution of arbitrary code. This is due to insufficient validation of restore input, which leads to unintended interpretation by core restore routines. Successful exploitation could result in a full compromise of the Moodle application.

References

https://access.redhat.com/security/cve/CVE-2025-67847

Affected packages

Git / github.com/moodle/moodle

Affected ranges

Type

GIT

Repo

https://github.com/moodle/moodle

Events

Introduced

Fixed

df1157bb845eabedd31989d6a1a6e18f638ff890

Introduced

ee91c6536f99e1633e2245780c4fe7f47340ed66

Fixed

ca15d0f2e8f29ca605dfff2e05e098db3d461425

Introduced

52c0da7c647bd6ba8c5f61882d88959821a1fb41

Fixed

48c9857449da61ee1efa89e679c30efb58d72484

Introduced

78e860178314c45441a21e0b99455400b8283d48

Fixed

a5b3ac7e43c082e6cb24a6094810735a945ff32e

Introduced

Last affected

eb47eff0719455a7e1f7a9805bc75dad3f6b3995

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "4.1.22"
        },
        {
            "introduced": "4.4.0"
        },
        {
            "fixed": "4.4.12"
        },
        {
            "introduced": "4.5.0"
        },
        {
            "fixed": "4.5.8"
        },
        {
            "introduced": "5.0.0"
        },
        {
            "fixed": "5.0.4"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "5.1.0-NA"
        }
    ]
}

Affected versions

v1.*

v1.0.0

v1.0.1

v1.0.2

v1.0.3

v1.0.4

v1.0.5

v1.0.6

v1.0.7

v1.0.8

v1.0.9

v1.1.0

v1.1.1

v1.2.0

v1.2.1

v1.3.0

v2.*

v2.0.0

v2.0.0-rc1

v2.0.0-rc2

v2.0.1

v2.1.0

v2.2.0

v2.2.0-beta

v2.2.0-rc1

v2.3.0

v2.3.0-beta

v2.3.0-rc1

v2.4.0

v2.4.0-beta

v2.4.0-rc1

v2.5.0

v2.5.0-beta

v2.5.0-rc1

v2.6.0

v2.6.0-beta

v2.6.0-rc1

v2.7.0

v2.7.0-beta

v2.7.0-rc1

v2.7.0-rc2

v2.8.0

v2.8.0-beta

v2.8.0-rc1

v2.8.0-rc2

v2.9.0

v2.9.0-beta

v2.9.0-rc1

v2.9.0-rc2

v3.*

v3.0.0

v3.0.0-beta

v3.0.0-rc1

v3.0.0-rc2

v3.0.0-rc3

v3.0.0-rc4

v3.1.0

v3.1.0-beta

v3.1.0-rc1

v3.1.0-rc2

v3.2.0

v3.2.0-beta

v3.2.0-rc1

v3.2.0-rc2

v3.2.0-rc3

v3.2.0-rc4

v3.2.0-rc5

v3.3.0

v3.3.0-beta

v3.3.0-rc1

v3.3.0-rc2

v3.3.0-rc3

v3.4.0

v3.4.0-beta

v3.4.0-rc1

v3.4.0-rc2

v3.4.0-rc3

v3.5.0

v3.5.0-beta

v3.5.0-rc1

v3.6.0

v3.6.0-beta

v3.6.0-rc1

v3.6.0-rc2

v3.6.0-rc3

v3.7.0

v3.7.0-beta

v3.7.0-rc1

v3.7.0-rc2

v3.8.0

v3.8.0-beta

v3.8.0-rc1

v3.9.0

v3.9.0-beta

v3.9.0-rc1

v3.9.0-rc2

v3.9.0-rc3

v4.*

v4.0.0

v4.0.0-beta

v4.0.0-rc1

v4.0.0-rc2

v4.0.0-rc3

v4.0.0-rc4

v4.1.0

v4.1.0-beta

v4.1.0-rc1

v4.1.0-rc2

v4.1.0-rc3

v4.1.1

v4.1.10

v4.1.11

v4.1.12

v4.1.13

v4.1.14

v4.1.15

v4.1.16

v4.1.17

v4.1.18

v4.1.19

v4.1.2

v4.1.20

v4.1.21

v4.1.3

v4.1.4

v4.1.5

v4.1.6

v4.1.7

v4.1.8

v4.1.9

v4.4.0

v4.4.1

v4.4.10

v4.4.11

v4.4.2

v4.4.3

v4.4.4

v4.4.5

v4.4.6

v4.4.7

v4.4.8

v4.4.9

v4.5.0

v4.5.1

v4.5.2

v4.5.3

v4.5.4

v4.5.5

v4.5.6

v4.5.7

v5.*

v5.0.0

v5.0.1

v5.0.2

v5.0.3

v5.1.0

v5.1.0-beta

v5.1.0-rc1

v5.1.0-rc2

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-67847.json"