CVE-2025-67853
Unknown Unknown - Not Provided
Rate Limiting Bypass in Moodle Email Service Enables Credential Enumeration

Publication date: 2026-02-03

Last updated on: 2026-02-11

Assigner: Fedora Project

Description
A flaw was found in Moodle. A remote attacker could exploit a lack of proper rate limiting in the confirmation email service. This vulnerability allows attackers to more easily enumerate or guess user credentials, facilitating brute-force attacks against user accounts.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-03
Last Modified
2026-02-11
Generated
2026-06-16
AI Q&A
2026-02-03
EPSS Evaluated
2026-06-14
NVD
CVE-2025-67853
EUVD
EUVD-2025-206748
Affected Vendors & Products
Showing 5 associated CPEs
Vendor Product Version / Range
moodle moodle From 4.4.0 (inc) to 4.4.11 (exc)
moodle moodle From 4.5.0 (inc) to 4.5.8 (exc)
moodle moodle From 5.0.0 (inc) to 5.0.4 (exc)
moodle moodle 5.1.0
moodle moodle to 4.1.22 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-307 The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability in Moodle is due to a lack of proper rate limiting in the confirmation email service. Because of this flaw, a remote attacker can repeatedly attempt to enumerate or guess user credentials without being blocked or slowed down, making brute-force attacks against user accounts easier. [1]

Impact Analysis

The vulnerability can allow attackers to perform brute-force attacks on user accounts by guessing or enumerating credentials more easily. This can lead to unauthorized access to user accounts, potentially compromising sensitive information or user data. [1]

Detection Guidance

Detection of this vulnerability involves monitoring the confirmation email service in Moodle for unusually high or rapid numbers of requests that could indicate brute-force attempts. Network or application logs should be analyzed for repeated access to the confirmation email endpoint. Specific commands are not provided in the available resources. [1]

Mitigation Strategies

Immediate mitigation steps include implementing proper rate limiting on the Moodle confirmation email service to restrict the number of attempts an attacker can make. Monitoring and alerting on suspicious activity targeting the confirmation email endpoint is also recommended. No specific patches or configuration commands are detailed in the provided resources. [1]

Compliance Impact

The vulnerability in Moodle allows attackers to enumerate or guess user credentials through a lack of proper rate limiting in the confirmation email service, facilitating brute-force attacks.

Such unauthorized access risks could lead to exposure of personal or sensitive data, which may impact compliance with data protection regulations like GDPR and HIPAA that require safeguarding user information and preventing unauthorized access.

However, the provided information does not explicitly state the direct impact on compliance with these standards.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-67853. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart