CVE-2025-67849
Unknown Unknown - Not Provided
Cross-Site Scripting in Moodle AI Prompt Causes Session Hijacking

Publication date: 2026-02-03

Last updated on: 2026-02-11

Assigner: Fedora Project

Description
A flaw was found in Moodle. This cross-site scripting (XSS) vulnerability, caused by improper sanitization of AI prompt responses, allows attackers to inject malicious HTML or script into web pages. When other users view these compromised pages, their sessions could be stolen, or the user interface could be manipulated.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-03
Last Modified
2026-02-11
Generated
2026-06-16
AI Q&A
2026-02-04
EPSS Evaluated
2026-06-14
NVD
CVE-2025-67849
EUVD
EUVD-2025-206737
Affected Vendors & Products
Showing 3 associated CPEs
Vendor Product Version / Range
moodle moodle From 4.5.0 (inc) to 4.5.8 (exc)
moodle moodle From 5.0.0 (inc) to 5.0.4 (exc)
moodle moodle 5.1.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Detection Guidance

I don't know

Executive Summary

This vulnerability is a cross-site scripting (XSS) flaw in Moodle caused by improper sanitization of AI prompt responses. It allows attackers to inject malicious HTML or scripts into web pages, which can then be executed when other users view those pages. [1]

Impact Analysis

The vulnerability can lead to session theft or manipulation of the user interface for users who view the compromised pages. This means attackers could hijack user sessions or alter what users see and interact with on Moodle. [1]

Mitigation Strategies

To mitigate this vulnerability, you should update Moodle to a version where the improper sanitization of AI prompt responses is fixed. Additionally, monitor and restrict user input that interacts with AI prompt responses to prevent injection of malicious scripts. Applying security patches from your Moodle vendor or distribution is recommended as an immediate step. [1]

Compliance Impact

The vulnerability allows attackers to inject malicious scripts that can steal user sessions or manipulate the user interface.

Such unauthorized access and manipulation of user data could potentially lead to violations of data protection regulations like GDPR or HIPAA, which require safeguarding personal and sensitive information.

However, the provided information does not explicitly state the impact on compliance with these standards.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-67849. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart