VYPR
High severityOSV Advisory· Published Jan 23, 2026· Updated Feb 26, 2026

Moodle: moodle: remote code execution via insufficient restore input validation

CVE-2025-67847

Description

A flaw was found in Moodle. An attacker with access to the restore interface could trigger server-side execution of arbitrary code. This is due to insufficient validation of restore input, which leads to unintended interpretation by core restore routines. Successful exploitation could result in a full compromise of the Moodle application.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
moodle/moodlePackagist
>= 5.1.0-beta, < 5.1.15.1.1
moodle/moodlePackagist
>= 5.0.0-beta, < 5.0.45.0.4
moodle/moodlePackagist
>= 4.5.0-beta, < 4.5.84.5.8
moodle/moodlePackagist
>= 4.2.0-beta, < 4.4.124.4.12
moodle/moodlePackagist
< 4.1.224.1.22

Affected products

3

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.