CVE-2025-67847
published 2026-01-23

Priority: P2 62 · high
CVSS 3.1 base score: 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS: 0.53% (40.6th percentile)
A flaw was found in Moodle. An attacker with access to the restore interface could trigger server-side execution of arbitrary code. This is due to insufficient validation of restore input, which leads to unintended interpretation by core restore routines. Successful exploitation could result in a full compromise of the Moodle application.

Affected (10 ranges)

Vendor   Product   Version range              Fixed in
moodle   moodle    < 4.1.22                   4.1.22
moodle   moodle    (not specified)            (not specified)
moodle   moodle    >= 0 < 4.1.22              4.1.22
moodle   moodle    >= 4.2.0-beta < 4.4.12     4.4.12
moodle   moodle    >= 4.4.0 < 4.4.12          4.4.12
moodle   moodle    >= 4.5.0 < 4.5.8           4.5.8
moodle   moodle    >= 4.5.0-beta < 4.5.8      4.5.8
moodle   moodle    >= 5.0.0 < 5.0.4           5.0.4
moodle   moodle    >= 5.0.0-beta < 5.0.4      5.0.4
moodle   moodle    >= 5.1.0-beta < 5.1.1      5.1.1

Detection & IOCs (extracted from sources)

  • Monitor access to Moodle's restore interface for unexpected or unauthorized restore operations, which is the attack vector for this RCE vulnerability.
  • Alert on server-side code execution originating from Moodle core restore routines, indicating exploitation of insufficient restore input validation.
  • No public exploit is currently available for this CVE, reducing immediate exploitation risk but not eliminating it.
  • Exploitation requires an authenticated attacker with access to the Moodle restore interface; restrict this privilege to trusted users only.
  • Fixes are available: Composer fix added January 23, 2026 and Nix fix added March 9, 2026. Patch immediately.

CVSS provenance

NVD (CVSS v3.1): 8.8 HIGH, CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
OSV: 8.8 HIGH