Improper Restriction of Excessive Authentication Attempts in Moodle - CVE-2025-67853

Published: March 26, 2026

Vulnerability identifier: #VU124630
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2025-67853
CWE-ID: CWE-307
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: moodle.org
Affected software:
Moodle

Detailed vulnerability description

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists because the affected application does not limit the number of password attempts accepted by the confirmation email web service (CWE-307). Since the endpoint neither locks the account nor throttles the caller after repeated failures, a remote attacker can submit candidate passwords without restriction and brute-force the password check on the target system.
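To make the failure mode concrete, the following is an added example written for this page; it is not Moodle's code and does not reproduce the affected web service. It puts an unthrottled password check (the CWE-307 pattern the advisory describes) beside a throttled one that counts failures per account and per client IP and refuses further calls once a limit is reached. The record format, PBKDF2 hashing, the "ok"/"bad"/"locked" return values, the limits, the usernames, IP addresses and wordlist are all assumptions constructed for the demonstration.

```python
"""Added example: a password check with and without attempt throttling.
Illustrative code for this page, not Moodle's source; every name and
parameter below is an assumption."""
import hashlib
import hmac
import os
import time
from collections import defaultdict

PBKDF2_ITERATIONS = 10_000  # kept low so the demo runs quickly; raise it in production


def make_record(password: str) -> dict:
    """Constructed stand-in for a stored credential (salted PBKDF2-HMAC-SHA256)."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return {"salt": salt, "hash": digest}


def check_password(record: dict, candidate: str) -> bool:
    """Recompute the hash and compare in constant time."""
    digest = hashlib.pbkdf2_hmac("sha256", candidate.encode(), record["salt"], PBKDF2_ITERATIONS)
    return hmac.compare_digest(digest, record["hash"])


class UnthrottledConfirmService:
    """CWE-307 pattern: every call runs a full password check and nothing caps
    how many times a caller may try. Returns "ok" or "bad"."""

    def __init__(self, records: dict):
        self.records = records

    def confirm(self, username: str, password: str, client_ip: str = "") -> str:
        rec = self.records.get(username)
        return "ok" if rec is not None and check_password(rec, password) else "bad"


class ThrottledConfirmService:
    """Same check, but failures are recorded per account and per client IP.
    Once max_failures occur inside lockout_seconds, every further call returns
    "locked" without evaluating the password, so a correct guess made during
    the lockout leaks nothing to the attacker."""

    def __init__(self, records: dict, max_failures: int = 5,
                 lockout_seconds: float = 600.0, clock=time.monotonic):
        self.records = records
        self.max_failures = max_failures
        self.lockout_seconds = lockout_seconds
        self.clock = clock
        self._failures = defaultdict(list)  # key -> timestamps of recent failures

    def _recent(self, key, now: float) -> list:
        """Drop failures that have aged out of the window and return the rest."""
        kept = [t for t in self._failures[key] if now - t < self.lockout_seconds]
        self._failures[key] = kept
        return kept

    def confirm(self, username: str, password: str, client_ip: str) -> str:
        now = self.clock()
        keys = (("user", username), ("ip", client_ip))
        if any(len(self._recent(k, now)) >= self.max_failures for k in keys):
            return "locked"  # refuse before touching the password at all
        rec = self.records.get(username)
        if rec is not None and check_password(rec, password):
            self._failures.pop(("user", username), None)  # success clears the account counter
            return "ok"
        for k in keys:
            self._failures[k].append(now)
        return "bad"


def brute_force(service, username: str, wordlist, client_ip: str = "203.0.113.7"):
    """Attacker loop: try each candidate until the service answers "ok" or
    refuses further attempts. Returns (recovered_password_or_None, calls_made)."""
    calls = 0
    for guess in wordlist:
        calls += 1
        result = service.confirm(username, guess, client_ip)
        if result == "ok":
            return guess, calls
        if result == "locked":
            return None, calls
    return None, calls


class FakeClock:
    """Deterministic clock so lockout expiry can be shown offline."""
    def __init__(self): self.now = 0.0
    def __call__(self): return self.now
    def advance(self, seconds: float): self.now += seconds


WORDLIST = ["password", "123456", "letmein", "qwerty", "welcome1", "dragon"]  # constructed


def demo(true_password: str = "welcome1", max_failures: int = 3) -> dict:
    """Run the same wordlist against both services and report what each allowed."""
    records = {"alice": make_record(true_password)}  # constructed account
    clock = FakeClock()
    open_svc = UnthrottledConfirmService(records)
    safe_svc = ThrottledConfirmService(records, max_failures, 600.0, clock)
    unthrottled = brute_force(open_svc, "alice", WORDLIST)
    throttled = brute_force(safe_svc, "alice", WORDLIST)
    during_lockout = safe_svc.confirm("alice", true_password, "198.51.100.9")  # real user, other IP
    clock.advance(601)
    after_lockout = safe_svc.confirm("alice", true_password, "198.51.100.9")
    return {"unthrottled": unthrottled, "throttled": throttled,
            "during_lockout": during_lockout, "after_lockout": after_lockout}


if __name__ == "__main__":
    print(demo())
```

Against the unthrottled service the wordlist recovers the password on the fifth call; against the throttled one the fourth call is already refused, and the account stays refused for everyone (including its owner, from another address) until the window expires. That side effect is the usual trade-off of account lockout, which is why the per-IP counter is kept alongside the per-account one and why production deployments often prefer escalating delays or CAPTCHA over a hard lock.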


How to mitigate CVE-2025-67853

Install updates from the vendor's website.

Sources