Cyber Resilience

CVE-2025-67853

High

Published: 03 February 2026

Published
03 February 2026
Modified
11 February 2026
KEV Added
Patch
CVSS Score v3.1 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Score 0.0003 10.9th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-67853 is a high-severity Improper Restriction of Excessive Authentication Attempts (CWE-307) vulnerability in Moodle Moodle. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Brute Force (T1110); ranked at the 10.9th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-7 (Unsuccessful Logon Attempts) and SC-5 (Denial-of-service Protection).

Deeper analysis

CVE-2025-67853 is a vulnerability in Moodle stemming from a lack of proper rate limiting in the confirmation email service. This flaw enables remote attackers to more easily enumerate or guess user credentials, thereby facilitating brute-force attacks against user accounts. The issue is classified under CWE-307 and carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). It was published on 2026-02-03.

The vulnerability can be exploited by any remote attacker requiring no privileges, user interaction, or special conditions beyond network access. Attackers can leverage the absence of rate limiting to perform efficient credential guessing or enumeration via the confirmation email service, resulting in high confidentiality impact through unauthorized access to user accounts.

Red Hat provides details on mitigation in its security advisory at https://access.redhat.com/security/cve/CVE-2025-67853, with an associated Bugzilla entry at https://bugzilla.redhat.com/show_bug.cgi?id=2423847.

EU & UK References

Vulnerability details

A flaw was found in Moodle. A remote attacker could exploit a lack of proper rate limiting in the confirmation email service. This vulnerability allows attackers to more easily enumerate or guess user credentials, facilitating brute-force attacks against user accounts.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1110 Brute Force Credential Access
Adversaries may use brute force techniques to gain access to accounts when passwords are unknown or when password hashes are obtained.
T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Lack of rate limiting directly enables brute-force credential guessing (T1110) against the public-facing Moodle confirmation service (T1190).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-26530Same product: Moodle Moodle
CVE-2025-26533Same product: Moodle Moodle
CVE-2025-67850Same product: Moodle Moodle
CVE-2025-67847Same product: Moodle Moodle
CVE-2025-67848Same product: Moodle Moodle
CVE-2021-47857Same product: Moodle Moodle
CVE-2026-26046Same product: Moodle Moodle
CVE-2026-26045Same product: Moodle Moodle
CVE-2025-26525Same product: Moodle Moodle
CVE-2025-26529Same product: Moodle Moodle

Affected Assets

moodle
moodle
5.1.0 · ≤ 4.1.22 · 4.4.0 — 4.4.11 · 4.5.0 — 4.5.8

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly implements rate limiting and denial-of-service protections to prevent attackers from exploiting the lack of rate limiting in Moodle's confirmation email service for credential enumeration and brute-force attacks.

prevent

Enforces limits on consecutive unsuccessful logon attempts to mitigate brute-force attacks against user accounts facilitated by the vulnerability.

prevent

Remediates the specific software flaw in Moodle by applying patches or updates that address the absence of proper rate limiting in the confirmation email service.

References