CVE-2025-67849 Overview
CVE-2025-67849 is a cross-site scripting (XSS) vulnerability in Moodle, the open-source learning management platform. The flaw stems from improper sanitization of AI prompt responses rendered in the web interface. Attackers can inject malicious HTML or JavaScript that executes in the browsers of other users viewing the affected pages.
Successful exploitation can lead to session theft, credential harvesting, or manipulation of the Moodle user interface. The vulnerability requires user interaction and operates over the network without prior authentication.
Critical Impact
Authenticated session hijacking and UI manipulation through reflected or stored XSS payloads delivered via AI prompt response rendering in Moodle.
Affected Products
- Moodle (multiple versions, per vendor CPE coverage)
- Moodle 5.1.0
- Deployments using Moodle AI prompt features
Discovery Timeline
- 2026-02-03 - CVE-2025-67849 published to the National Vulnerability Database (NVD)
- 2026-02-11 - Last updated in NVD database
Technical Details for CVE-2025-67849
Vulnerability Analysis
The vulnerability is classified as Cross-Site Scripting [CWE-79]. Moodle renders AI prompt responses into web pages without adequately sanitizing HTML and script content. When the AI subsystem returns attacker-controlled or attacker-influenced content, the output is reflected to other users without proper encoding.
The issue is exploitable over the network and requires user interaction, such as a victim viewing a page that contains the malicious AI response. The scope is changed because injected scripts execute under the victim's Moodle session context, affecting resources beyond the attacker's own privileges.
The attacker does not need prior authentication to influence the prompt response flow in vulnerable configurations. Confidentiality and integrity impacts are limited but meaningful within the application context.
Root Cause
The root cause is missing or insufficient output sanitization on AI-generated content before it is embedded into HTML responses. Moodle's rendering layer treats prompt output as trusted text, allowing HTML tags and <script> elements to pass through to the DOM.
Attack Vector
An attacker crafts an input that causes the AI subsystem to return a response containing malicious markup. When a legitimate Moodle user views the page rendering that response, the injected payload executes in their browser. Typical payloads target session cookies, perform actions on behalf of the user, or rewrite portions of the interface to facilitate phishing.
No verified public proof-of-concept code is available. See the Red Hat CVE Advisory and the Red Hat Bug Report for further technical context.
Detection Methods for CVE-2025-67849
Indicators of Compromise
- Unexpected <script>, <iframe>, or event-handler attributes (onerror, onload) stored in Moodle AI prompt records or course content.
- Outbound requests from user browsers to unknown domains following interactions with AI-assisted Moodle pages.
- Anomalous session token reuse or concurrent sessions for the same Moodle user from different IP addresses.
Detection Strategies
- Inspect Moodle application logs and database tables that store AI prompt inputs and responses for HTML or JavaScript syntax.
- Deploy a Content Security Policy (CSP) in report-only mode to surface inline script execution attempts within Moodle pages.
- Use web application firewall (WAF) rules to flag responses containing script tags within AI-related endpoints.
Monitoring Recommendations
- Monitor authentication and session events for indicators of token theft or impersonation following user interaction with AI features.
- Alert on administrative actions performed shortly after a user views AI-generated content.
- Capture browser-side CSP violation reports to a centralized log store for correlation.
How to Mitigate CVE-2025-67849
Immediate Actions Required
- Apply the Moodle security update addressing CVE-2025-67849 as soon as it is available for your branch.
- Audit existing AI prompt records and stored content for malicious markup and remove or neutralize affected entries.
- Rotate session keys and force re-authentication for users who interacted with AI features during the exposure window.
Patch Information
Refer to the Red Hat CVE Advisory and Moodle's official security announcements for fixed versions and package updates. Distribution-specific updates are tracked in the Red Hat Bug Report.
Workarounds
- Temporarily disable Moodle AI prompt features until the patch is applied.
- Enforce a strict Content Security Policy that blocks inline scripts and restricts script sources to trusted origins.
- Restrict access to AI-related endpoints to authenticated users and apply rate limiting to reduce abuse opportunities.
# Example restrictive CSP header for Moodle (adjust per deployment)
Header set Content-Security-Policy "default-src 'self'; script-src 'self'; object-src 'none'; frame-ancestors 'self'; base-uri 'self'"
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
