fkie_cve-2025-53021
Vulnerability from fkie_nvd
Published
2025-06-24 20:15
Modified
2025-07-09 15:23
Severity ?
4.2 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
Summary
A session fixation vulnerability in Moodle 3.x through 3.11.18 allows unauthenticated attackers to hijack user sessions via the sesskey parameter. The sesskey can be obtained without authentication and reused within the OAuth2 login flow, resulting in the victim's session being linked to the attacker's. Successful exploitation results in full account takeover. According to the Moodle Releases page, "Bug fixes for security issues in 3.11.x ended 11 December 2023." NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
References
cve@mitre.orghttps://github.com/moodle/moodle/releases/tag/v3.11.18Product
cve@mitre.orghttps://moodledev.io/general/releases#moodle-311Product
cve@mitre.orghttps://rentry.co/moodle-oauth2-cveThird Party Advisory
Impacted products
Vendor Product Version
moodle moodle *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3452833D-B192-471B-B958-44ADA0C3CCC8",
              "versionEndIncluding": "3.11.18",
              "versionStartIncluding": "3.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [
    {
      "sourceIdentifier": "cve@mitre.org",
      "tags": [
        "unsupported-when-assigned"
      ]
    }
  ],
  "descriptions": [
    {
      "lang": "en",
      "value": "A session fixation vulnerability in Moodle 3.x through 3.11.18 allows unauthenticated attackers to hijack user sessions via the sesskey parameter. The sesskey can be obtained without authentication and reused within the OAuth2 login flow, resulting in the victim\u0027s session being linked to the attacker\u0027s. Successful exploitation results in full account takeover. According to the Moodle Releases page, \"Bug fixes for security issues in 3.11.x ended 11 December 2023.\" NOTE: This vulnerability only affects products that are no longer supported by the maintainer."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de fijaci\u00f3n de sesi\u00f3n en Moodle 3.x a 3.11.18 permite a atacantes no autenticados secuestrar sesiones de usuario mediante el par\u00e1metro sesskey. Este par\u00e1metro se puede obtener sin autenticaci\u00f3n y reutilizar en el flujo de inicio de sesi\u00f3n de OAuth2, lo que vincula la sesi\u00f3n de la v\u00edctima a la del atacante. Una explotaci\u00f3n exitosa resulta en la apropiaci\u00f3n total de la cuenta. Seg\u00fan la p\u00e1gina de versiones de Moodle, \"Las correcciones de errores de seguridad en 3.11.x finalizaron el 11 de diciembre de 2023\". NOTA: Esta vulnerabilidad solo afecta a los productos que ya no reciben soporte del fabricante. "
    }
  ],
  "id": "CVE-2025-53021",
  "lastModified": "2025-07-09T15:23:31.237",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.2,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.6,
        "impactScore": 2.5,
        "source": "cve@mitre.org",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-06-24T20:15:26.867",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Product"
      ],
      "url": "https://github.com/moodle/moodle/releases/tag/v3.11.18"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Product"
      ],
      "url": "https://moodledev.io/general/releases#moodle-311"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://rentry.co/moodle-oauth2-cve"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-384"
        }
      ],
      "source": "cve@mitre.org",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.