CVE-2025-67852
Open Redirect in Moodle OAuth Login Enables Phishing Attacks
Publication date: 2026-02-03
Last updated on: 2026-02-11
Assigner: Fedora Project
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| moodle | moodle | From 4.4.0 (inc) to 4.4.11 (exc) |
| moodle | moodle | From 4.5.0 (inc) to 4.5.8 (exc) |
| moodle | moodle | From 5.0.0 (inc) to 5.0.4 (exc) |
| moodle | moodle | 5.1.0 |
| moodle | moodle | to 4.1.22 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-601 | The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an open redirect flaw in Moodle's OAuth login flow. It occurs because the redirect URL parameter is not properly validated, allowing a remote attacker to redirect users to attacker-controlled websites after they have successfully logged in. [1]
How can this vulnerability impact me? :
The vulnerability can lead to phishing attacks or information disclosure by redirecting authenticated users to malicious external sites controlled by attackers. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection can focus on monitoring OAuth login flows for suspicious redirect URL parameters that point to external or attacker-controlled domains. Since the vulnerability involves insufficient validation of redirect parameters, inspecting web server logs or application logs for OAuth redirect requests with unusual or external URLs may help identify exploitation attempts. Specific commands are not provided in the resources. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting or validating redirect URL parameters in the OAuth login flow to ensure they only point to trusted internal URLs. Additionally, monitoring and alerting on suspicious redirect attempts can help. Since no fixed version or patch is available yet, applying strict input validation and educating users about phishing risks are recommended. [1]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
[{'type': 'paragraph', 'content': "The vulnerability is an open redirect in Moodle's OAuth login flow that could lead to phishing attacks or information disclosure by redirecting users to attacker-controlled pages after authentication."}, {'type': 'paragraph', 'content': 'Such phishing risks and potential information disclosure could negatively impact compliance with standards and regulations like GDPR and HIPAA, which require protection of user data and prevention of unauthorized access or data breaches.'}, {'type': 'paragraph', 'content': 'However, the provided information does not explicitly state the direct impact on compliance with these standards.'}] [1]