Cyber Posture

CVE-2025-26533

High

Published: 24 February 2025

Published
24 February 2025
Modified
06 August 2025
KEV Added
Patch
CVSS Score 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0040 60.8th percentile
Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Description

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

Security Summary

CVE-2025-26533 is an SQL injection vulnerability (CWE-89) identified in the module list filter within the course search functionality of Moodle. Published on 2025-02-24, it carries a CVSS v3.1 base score of 8.1 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to potential impacts on confidentiality, integrity, and availability.

The vulnerability can be exploited by a remote, unauthenticated attacker over the network, requiring high attack complexity but no user interaction. Successful exploitation allows the attacker to manipulate SQL queries, potentially leading to unauthorized data access, modification, or denial of service consistent with the high impact ratings across confidentiality, integrity, and availability.

Mitigation details are available in Moodle's git repository, specifically via commits associated with tracker issue MDL-84271, and further discussion on the Moodle forum thread. Security practitioners should review these references for patch application guidance.

Details

CWE(s)
CWE-89

Affected Products

moodle
moodle
4.1.0 — 4.1.16 · 4.3.0 — 4.3.10 · 4.4.0 — 4.4.6

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
attack.mitre.org →
Why these techniques?

SQL injection in public-facing Moodle web application directly enables remote exploitation of internet-facing software per T1190.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References