CVE-2025-26529
Published: 24 February 2025
Description
Adversaries may abuse various implementations of JavaScript for execution.
Security Summary
CVE-2025-26529 is a stored cross-site scripting (XSS) vulnerability, classified under CWE-79, affecting the Moodle learning management system. The flaw occurs in the site administration live log, where description information displayed to administrators lacked sufficient sanitization, enabling a stored XSS risk. It carries a CVSS v3.1 base score of 8.3 (AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H) and was published on 2025-02-24.
Attackers can exploit this vulnerability remotely over the network without requiring authentication privileges (PR:N), though it demands high attack complexity (AC:H) and user interaction (UI:R), such as an administrator viewing the affected log. Successful exploitation changes scope (S:C) and can lead to high impacts on confidentiality, integrity, and availability (C:H/I:H/A:H), potentially allowing attackers to execute arbitrary scripts in the victim's browser context.
Mitigation is provided through a patch in the Moodle Git repository, searchable under commit details for MDL-84145 at http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-84145. Additional discussion and context are available in the Moodle forum thread at https://moodle.org/mod/forum/discuss.php?d=466145.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Stored XSS in public-facing Moodle web app enables remote exploitation without auth (T1190) and arbitrary JavaScript execution in admin browser context (T1059.007).