Vulnerability Database

321,822

Total vulnerabilities in the database

CVE-2025-67848

A flaw was found in Moodle. This authentication bypass vulnerability allows suspended users to authenticate through the Learning Tools Interoperability (LTI) Provider. The issue arises from the LTI authentication handlers failing to enforce the user's suspension status, enabling unauthorized access to the system. This can lead to information disclosure or other unauthorized actions by users who should be restricted.

Published: Feb 3, 2026
Updated: Feb 4, 2026
CVE: CVE-2025-67848
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.1
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

CWEs:

CWE-280

Affected Software
References

No affected software listed.

https://access.redhat.com/security/cve/CVE-2025-67848
https://bugzilla.redhat.com/show_bug.cgi?id=2423831
https://moodle.org/mod/forum/discuss.php?d=471298

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo