Vulnerability Database

321,822

Total vulnerabilities in the database

CVE-2025-67856

A flaw was found in Moodle. An authorization logic flaw, specifically due to incomplete role checks during the badge awarding process, allowed badges to be granted without proper verification. This could enable unauthorized users to obtain badges they are not entitled to, potentially leading to privilege escalation or unauthorized access to certain features.

Published: Feb 3, 2026
Updated: Feb 4, 2026
CVE: CVE-2025-67856
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.4
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

No CWE or OWASP classifications available.

Affected Software
References

No affected software listed.

https://access.redhat.com/security/cve/CVE-2025-67856
https://bugzilla.redhat.com/show_bug.cgi?id=2423864

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo