CVE-2025-67848
Authentication Bypass in Moodle LTI Allows Suspended User Access

Publication date: 2026-02-03

Last updated on: 2026-02-11

Assigner: Fedora Project

Description
A flaw was found in Moodle. This authentication bypass vulnerability allows suspended users to authenticate through the Learning Tools Interoperability (LTI) Provider. The issue arises from the LTI authentication handlers failing to enforce the user's suspension status, enabling unauthorized access to the system. This can lead to information disclosure or other unauthorized actions by users who should be restricted.
Meta Information
Generated: 2026-06-16
AI Q&A: 2026-02-04
EPSS evaluated: 2026-06-14
Affected Vendors & Products (5 associated CPEs)
Vendor   Product   Version / Range
moodle   moodle    earlier than 4.1.22 (exclusive)
moodle   moodle    4.4.0 (inclusive) to 4.4.11 (exclusive)
moodle   moodle    4.5.0 (inclusive) to 4.5.8 (exclusive)
moodle   moodle    5.0.0 (inclusive) to 5.0.4 (exclusive)
moodle   moodle    5.1.0
CWE
CWE-280: The product does not handle, or incorrectly handles, the case where it has insufficient privileges to access resources or functionality as specified by their permissions. This may cause it to follow unexpected code paths that leave the product in an invalid state.
Executive Summary

This vulnerability is an authentication bypass in Moodle's Learning Tools Interoperability (LTI) Provider. It occurs because the LTI authentication handlers do not properly enforce the suspension status of users. As a result, users who have been suspended can still authenticate and gain unauthorized access to the Moodle system. [1]

Impact Analysis

This vulnerability can allow suspended users to bypass restrictions and access the Moodle system. This unauthorized access can lead to information disclosure or other unauthorized actions by users who should be restricted, potentially compromising the security and integrity of the system. [1]

Compliance Impact

The vulnerability allows suspended users to bypass authentication and gain unauthorized access to the Moodle system. This unauthorized access can lead to information disclosure or other unauthorized actions.

Such unauthorized access and potential information disclosure could negatively impact compliance with common standards and regulations like GDPR and HIPAA, which require strict access controls and protection of sensitive data.

Mitigation Strategies

To mitigate this vulnerability, update Moodle to a release in which the LTI authentication handlers enforce the user's suspension status. Based on the affected ranges listed above, that means 4.1.22, 4.4.11, 4.5.8 or 5.0.4 and later; note that 5.1.0 is listed as affected as well.

Since the vulnerability allows suspended users to bypass their suspension through LTI authentication, immediate mitigation means applying the patches or updates provided by Moodle or your Linux distribution that address this authentication bypass.

Until a fix is applied, restricting LTI provider access or temporarily disabling LTI authentication reduces risk. It is also worth reviewing authentication logs for logins by suspended accounts that arrived through the LTI provider, since any such login would indicate the bypass has been used.
