Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

Moodle URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2025-67852)

Description

A flaw was found in Moodle. An open redirect vulnerability in the OAuth login flow allows a remote attacker to redirect users to attacker-controlled pages after they have successfully authenticated. This occurs due to insufficient validation of redirect parameters, which could lead to phishing attacks or information disclosure.

Remediation

References

Related Vulnerabilities

Internet Information Services Other Vulnerability (CVE-2003-0718)

Drupal Core 9.0.x Information Disclosure (9.0.0 - 9.0.5)

Nexus Repository Manager Cleartext Storage of Sensitive Information Vulnerability (CVE-2020-11415)

SharePoint URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2020-1323)

Chamilo Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-55208)

Severity

Medium

Classification

CVE-2025-67852 CWE-601 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities