Executive Summary
Informations | |||
---|---|---|---|
Name | CVE-2025-53021 | First vendor Publication | 2025-06-24 |
Vendor | Cve | Last vendor Modification | 2025-06-24 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : | |||
---|---|---|---|
Cvss Base Score | N/A | Attack Range | N/A |
Cvss Impact Score | N/A | Attack Complexity | N/A |
Cvss Expoit Score | N/A | Authentication | N/A |
Calculate full CVSS 2.0 Vectors scores |
Detail
A session fixation vulnerability in Moodle 3.x through 3.11.18 allows unauthenticated attackers to hijack user sessions via the sesskey parameter. The sesskey can be obtained without authentication and reused within the OAuth2 login flow, resulting in the victim's session being linked to the attacker's. Successful exploitation results in full account takeover. According to the Moodle Releases page, "Bug fixes for security issues in 3.11.x ended 11 December 2023." NOTE: This vulnerability only affects products that are no longer supported by the maintainer. |
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-53021 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-384 | Session Fixation |
Sources (Detail)
Source | Url |
---|
Alert History
Date | Informations |
---|---|
2025-06-25 05:20:32 |
|