CVE-2025-67857: Moodle: moodle: data exposure of user identifiers in urls

Q: What is the severity of CVE-2025-67857?

The severity of CVE-2025-67857 is considered moderate due to potential data exposure of user identifiers.

Q: How do I fix CVE-2025-67857?

To fix CVE-2025-67857, upgrade Moodle to version 5.1.1, 5.0.4, 4.5.8, 4.4.12, or 4.1.22.

Q: What kind of data is exposed in CVE-2025-67857?

CVE-2025-67857 exposes user identifiers in URLs during anonymous assignment submissions.

Q: Who is affected by CVE-2025-67857?

Users of Moodle versions prior to the patched versions mentioned are affected by CVE-2025-67857.

Q: What impact does CVE-2025-67857 have on user privacy?

CVE-2025-67857 compromises user privacy by revealing internal user IDs to unauthorized viewers.

Published Dec 19, 2025

Updated

A data exposure issue existed where user identifiers were visible in URLs during anonymous assignment submissions, contrary to expected anonymity protections. This could reveal internal IDs to unauthorized viewers.

Affected Software

11 affected componentsFixes available

Moodle Moodle

composer/moodle/moodle>=5.1.0-beta<5.1.1

5.1.1

composer/moodle/moodle>=5.0.0-beta<5.0.4

5.0.4

composer/moodle/moodle>=4.5.0-beta<4.5.8

4.5.8

composer/moodle/moodle>=4.4.0-beta<4.4.12

4.4.12

composer/moodle/moodle<4.1.22

4.1.22

Moodle Moodle<4.1.21

Moodle Moodle>=4.4.0<4.4.11

Moodle Moodle>=4.5.0<4.5.8

Moodle Moodle>=5.0.0<5.0.4

Moodle Moodle=5.1.0

Event History

Dec 19, 2025

Data Sourced

via Red Hat·01:50 PM

DescriptionSeverityAffected Software

Feb 3, 2026

CVE Published

via MITRE·10:52 AM

Data Sourced

via MITRE·10:52 AM

DescriptionSeverityWeakness

Data Sourced

via NVD·11:15 AM

DescriptionSeverityWeakness

Data Sourced

via NVD·11:15 AM

Affected Software

Advisory Published

via GitHub·12:30 PM

Data Sourced

via GitHub·12:30 PM

DescriptionSeverityWeaknessAffected Software

Frequently Asked Questions

What is the severity of CVE-2025-67857?

The severity of CVE-2025-67857 is considered moderate due to potential data exposure of user identifiers.

How do I fix CVE-2025-67857?

To fix CVE-2025-67857, upgrade Moodle to version 5.1.1, 5.0.4, 4.5.8, 4.4.12, or 4.1.22.

What kind of data is exposed in CVE-2025-67857?

CVE-2025-67857 exposes user identifiers in URLs during anonymous assignment submissions.

Who is affected by CVE-2025-67857?

Users of Moodle versions prior to the patched versions mentioned are affected by CVE-2025-67857.

What impact does CVE-2025-67857 have on user privacy?

CVE-2025-67857 compromises user privacy by revealing internal user IDs to unauthorized viewers.

CVE-2025-67857: Moodle: moodle: data exposure of user identifiers in urls

Affected Software

Event History

Don't miss critical vulnerabilities

Frequently Asked Questions

What is the severity of CVE-2025-67857?

How do I fix CVE-2025-67857?

What kind of data is exposed in CVE-2025-67857?

Who is affected by CVE-2025-67857?

What impact does CVE-2025-67857 have on user privacy?

Company

Resources

Contact