CVE-2025-67855 — Moodle vulnerable to Cross-site Scripting

Description

A flaw was found in Moodle. A remote attacker could exploit a reflected Cross-Site Scripting (XSS) vulnerability in the policy tool return URL. This vulnerability arises from insufficient sanitization of URL parameters, allowing attackers to inject malicious scripts through specially crafted links. Successful exploitation could lead to information disclosure or arbitrary client-side script execution within the user's browser.

How to fix CVE-2025-67855

To remediate CVE-2025-67855, upgrade the affected package to a fixed version below.

—upgrade to 4.1.22 or later
—upgrade to 4.1.22 or later

Is CVE-2025-67855 being exploited?

Low — EPSS is 0.0%, meaning exploitation activity has not been observed at scale.

Affected packages (2)

from 0, < 4.1.22, >= 4.4.0, < 4.4.11, >= 4.5.0, < 4.5.8, >= 5.0.0, < 5.0.4, >= 5.1.0, < 5.1.1
from 0, < 4.1.22

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM5.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

References (6)

ADVISORYnvd.nist.gov/vuln/detail/CVE-2025-67855
PATCHgithub.com/moodle/moodle
WEBaccess.redhat.com/security/cve/CVE-2025-67855
WEBbugzilla.redhat.com/show_bug.cgi?id=2423861
WEB