Nixpkgs Security Tracker

Untriaged

Permalink CVE-2025-67852

created 20 hours ago

Moodle: moodle: open redirect vulnerability in oauth login flow allows redirection to malicious sites.

A flaw was found in Moodle. An open redirect vulnerability in the OAuth login flow allows a remote attacker to redirect users to attacker-controlled pages after they have successfully authenticated. This occurs due to insufficient validation of redirect parameters, which could lead to phishing attacks or information disclosure.

Affected products

moodle

<4.5.8
<5.1.1
<4.4.12
<4.1.22
<5.0.4

Matching in nixpkgs

pkgs.moodle

Free and open-source learning management system (LMS) written in PHP

nixos-unstable 5.1.1
- nixpkgs-unstable 5.0.4
- nixos-unstable-small 5.1.1
nixos-25.11 -
- nixos-25.11-small 5.0.4
- nixpkgs-25.11-darwin 5.0.4
nixos-25.05 5.0
- nixos-25.05-small 5.0
- nixpkgs-25.05-darwin 5.0

pkgs.moodle-dl

Moodle downloader that downloads course content fast from Moodle

nixos-unstable 2.3.13
- nixpkgs-unstable 2.3.13
- nixos-unstable-small 2.3.13
nixos-25.11 -
- nixos-25.11-small 2.3.13
- nixpkgs-25.11-darwin 2.3.13
nixos-25.05 2.3.13
- nixos-25.05-small 2.3.13
- nixpkgs-25.05-darwin 2.3.13

Package maintainers

@freezeboy freezeboy
@kmein Kierán Meinhardt <kmein@posteo.de>

Suggestion detail

Affected products

Matching in nixpkgs

pkgs.moodle

pkgs.moodle-dl

Package maintainers