CVE-2025-26530
Published: 24 February 2025
Description
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Security Summary
CVE-2025-26530 is a reflected cross-site scripting (XSS) vulnerability, classified under CWE-79, in the Moodle question bank filter, caused by insufficient sanitizing of inputs. Published on 2025-02-24, it carries a CVSS v3.1 base score of 8.3 (AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H), indicating high severity: it is reachable over the network but requires high attack complexity and user interaction.
The vulnerability can be exploited over the network by unauthenticated attackers who craft malicious payloads targeting the question bank filter. Exploitation requires a user, such as an authenticated Moodle user or administrator, to interact with the specially crafted link or input, for example by clicking a malicious URL. Successful exploitation enables high-impact consequences, including unauthorized access to confidential data, modification of system integrity, and denial of availability. Because the scope is changed, the effects can extend to the broader Moodle environment.
Moodle advisories reference a patch under MDL-84146, available via the project's git repository, which adds the necessary sanitization to the question bank filter. Additional details are discussed in the Moodle forum thread at https://moodle.org/mod/forum/discuss.php?d=466146.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The reflected XSS vulnerability in the publicly accessible Moodle question bank filter directly enables T1190 (Exploit Public-Facing Application) by allowing unauthenticated attackers to craft malicious URLs that execute scripts in a victim's browser upon interaction, leading to high-impact effects with changed scope.