CVE-2025-67852
Unknown Unknown - Not Provided
Open Redirect in Moodle OAuth Login Enables Phishing Attacks

Publication date: 2026-02-03

Last updated on: 2026-02-11

Assigner: Fedora Project

Description
A flaw was found in Moodle. An open redirect vulnerability in the OAuth login flow allows a remote attacker to redirect users to attacker-controlled pages after they have successfully authenticated. This occurs due to insufficient validation of redirect parameters, which could lead to phishing attacks or information disclosure.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-03
Last Modified
2026-02-11
Generated
2026-06-16
AI Q&A
2026-02-03
EPSS Evaluated
2026-06-14
NVD
CVE-2025-67852
EUVD
EUVD-2025-206747
Affected Vendors & Products
Showing 5 associated CPEs
Vendor Product Version / Range
moodle moodle From 4.4.0 (inc) to 4.4.11 (exc)
moodle moodle From 4.5.0 (inc) to 4.5.8 (exc)
moodle moodle From 5.0.0 (inc) to 5.0.4 (exc)
moodle moodle 5.1.0
moodle moodle to 4.1.22 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-601 The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is an open redirect flaw in Moodle's OAuth login flow. It occurs because the redirect URL parameter is not properly validated, allowing a remote attacker to redirect users to attacker-controlled websites after they have successfully logged in. [1]

Impact Analysis

The vulnerability can lead to phishing attacks or information disclosure by redirecting authenticated users to malicious external sites controlled by attackers. [1]

Detection Guidance

Detection can focus on monitoring OAuth login flows for suspicious redirect URL parameters that point to external or attacker-controlled domains. Since the vulnerability involves insufficient validation of redirect parameters, inspecting web server logs or application logs for OAuth redirect requests with unusual or external URLs may help identify exploitation attempts. Specific commands are not provided in the resources. [1]

Mitigation Strategies

Immediate mitigation steps include restricting or validating redirect URL parameters in the OAuth login flow to ensure they only point to trusted internal URLs. Additionally, monitoring and alerting on suspicious redirect attempts can help. Since no fixed version or patch is available yet, applying strict input validation and educating users about phishing risks are recommended. [1]

Compliance Impact

[{'type': 'paragraph', 'content': "The vulnerability is an open redirect in Moodle's OAuth login flow that could lead to phishing attacks or information disclosure by redirecting users to attacker-controlled pages after authentication."}, {'type': 'paragraph', 'content': 'Such phishing risks and potential information disclosure could negatively impact compliance with standards and regulations like GDPR and HIPAA, which require protection of user data and prevention of unauthorized access or data breaches.'}, {'type': 'paragraph', 'content': 'However, the provided information does not explicitly state the direct impact on compliance with these standards.'}] [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-67852. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart