Nixpkgs Security Tracker

Untriaged

Permalink CVE-2025-67852

3.5 LOW

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): LOW
User interaction (UI): REQUIRED
Scope (S): UNCHANGED
Confidentiality impact (C): LOW
Integrity impact (I): NONE
Availability impact (A): NONE

updated 1 month, 2 weeks ago by @LeSuisse Activity log

Created automatic suggestion 1 month, 3 weeks ago
@LeSuisse removed package moodle-dl 1 month, 2 weeks ago

Moodle: moodle: open redirect vulnerability in oauth login flow allows redirection to malicious sites.

A flaw was found in Moodle. An open redirect vulnerability in the OAuth login flow allows a remote attacker to redirect users to attacker-controlled pages after they have successfully authenticated. This occurs due to insufficient validation of redirect parameters, which could lead to phishing attacks or information disclosure.

References

https://access.redhat.com/security/cve/CVE-2025-67852 x_refsource_REDHAT vdb-entry
RHBZ#2423844 issue-tracking x_refsource_REDHAT

Affected products

moodle

<5.1.1
<5.0.4
<4.5.8
<4.1.22
<4.4.12

Matching in nixpkgs

pkgs.moodle

Free and open-source learning management system (LMS) written in PHP

nixos-unstable 5.1.1
- nixpkgs-unstable 5.0.4
- nixos-unstable-small 5.1.1
nixos-25.11 -
- nixos-25.11-small 5.0.4
- nixpkgs-25.11-darwin 5.0.4

Package maintainers

@freezeboy freezeboy

Suggestion detail

References

Affected products

Matching in nixpkgs

pkgs.moodle

Package maintainers