CVE-2025-67851

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-67851

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-67851.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-67851

Aliases

Downstream

UBUNTU-CVE-2025-67851

Published

2026-02-03T11:15:55.367Z

Modified

2026-02-16T07:45:12.164863Z

Severity

7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

A flaw was found in moodle. This formula injection vulnerability occurs when data fields are exported without proper escaping. A remote attacker could exploit this by providing malicious data that, when exported and opened in a spreadsheet, allows arbitrary formulas to execute. This can lead to compromised data integrity and unintended operations within the spreadsheet.

References

Affected packages

Git / github.com/moodle/moodle

Affected ranges

Type: GIT
Repo: https://github.com/moodle/moodle
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

df1157bb845eabedd31989d6a1a6e18f638ff890

Introduced

45798c7c70ca9deaf8f2c4c352ca314f16d30b53

Fixed

93ee606ed814d99865c7ad17b69cb1bb84f18c57

Introduced

52c0da7c647bd6ba8c5f61882d88959821a1fb41

Fixed

d204a66488b91202141b60f3e8e190abc294ac49

Introduced

f1c169b32feed42eef9e15de6a9c5ab0aa997d79

Fixed

381b66b33a9b5f255d31f4508f26ad7c1a9af154

Affected versions

v4.*

v4.5.0

v4.5.1

v4.5.10

v4.5.2

v4.5.3

v4.5.4

v4.5.5

v4.5.6

v4.5.7

v4.5.8

v4.5.9

v5.*

v5.0.0

v5.0.0-beta

v5.0.0-rc1

v5.0.0-rc2

v5.0.0-rc3

v5.0.1

v5.0.2

v5.0.3

v5.0.4

v5.0.5

v5.0.6

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-67851.json"