Cyber Posture

CVE-2025-67853

High

Published: 03 February 2026

Published
03 February 2026
Modified
11 February 2026
KEV Added
Patch
CVSS Score 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Score 0.0002 6.6th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-67853 is a high-severity Improper Restriction of Excessive Authentication Attempts (CWE-307) vulnerability in Moodle Moodle. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Brute Force (T1110); ranked at the 6.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

Threat & Defense at a Glance

What attackers do: exploitation maps to Brute Force (T1110) and 1 other technique.
Threat & Defense Details

Likely Mitigating ControlsAI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

AC-7 Unsuccessful Logon Attempts
addresses: CWE-307

This control directly enforces limits on consecutive invalid logon attempts and automatic response (e.g., lockout) to prevent brute-force exploitation of authentication mechanisms.

IA-10 Adaptive Authentication
addresses: CWE-307

Specific conditions can include excessive failed attempts, triggering stronger authentication that restricts brute-force exploitation.

MITRE ATT&CK Enterprise TechniquesAI

T1110 Brute Force Credential Access
Adversaries may use brute force techniques to gain access to accounts when passwords are unknown or when password hashes are obtained.
attack.mitre.org →
T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
attack.mitre.org →
Why these techniques?

Lack of rate limiting directly enables brute-force credential guessing (T1110) against the public-facing Moodle confirmation service (T1190).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

A flaw was found in Moodle. A remote attacker could exploit a lack of proper rate limiting in the confirmation email service. This vulnerability allows attackers to more easily enumerate or guess user credentials, facilitating brute-force attacks against user accounts.

Deeper analysisAI

CVE-2025-67853 is a vulnerability in Moodle stemming from a lack of proper rate limiting in the confirmation email service. This flaw enables remote attackers to more easily enumerate or guess user credentials, thereby facilitating brute-force attacks against user accounts. The issue is classified under CWE-307 and carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). It was published on 2026-02-03.

The vulnerability can be exploited by any remote attacker requiring no privileges, user interaction, or special conditions beyond network access. Attackers can leverage the absence of rate limiting to perform efficient credential guessing or enumeration via the confirmation email service, resulting in high confidentiality impact through unauthorized access to user accounts.

Red Hat provides details on mitigation in its security advisory at https://access.redhat.com/security/cve/CVE-2025-67853, with an associated Bugzilla entry at https://bugzilla.redhat.com/show_bug.cgi?id=2423847.

Details

CWE(s)
CWE-307

Affected Products

moodle
moodle
5.1.0 · ≤ 4.1.22 · 4.4.0 — 4.4.11 · 4.5.0 — 4.5.8

CVEs Like This One

CVE-2025-26530Same product: Moodle Moodle
CVE-2025-26533Same product: Moodle Moodle
CVE-2025-67848Same product: Moodle Moodle
CVE-2026-26045Same product: Moodle Moodle
CVE-2025-26525Same product: Moodle Moodle
CVE-2025-67850Same product: Moodle Moodle
CVE-2026-26046Same product: Moodle Moodle
CVE-2025-26529Same product: Moodle Moodle
CVE-2025-67847Same product: Moodle Moodle
CVE-2025-67851Same product: Moodle Moodle

References