CVE-2025-67849 is a cross-site scripting (XSS) vulnerability identified in Moodle versions 4.5.0, 5.0.0, and 5.1.0. The root cause is improper neutralization of input during web page generation, specifically related to AI prompt responses that are not adequately sanitized before being rendered in the user interface. This flaw allows an attacker to inject malicious HTML or JavaScript code into Moodle web pages. When other users access these compromised pages, the injected scripts execute in their browsers, potentially leading to theft of session cookies, enabling session hijacking, or manipulation of the user interface to deceive users or perform unauthorized actions. The vulnerability requires the attacker to have low privileges (PR:L) and some user interaction (UI:R), but no elevated privileges or authentication bypass is needed. The attack vector is network-based (AV:N), meaning exploitation can be performed remotely. The vulnerability does not impact availability but has high impact on confidentiality and integrity, as reflected by the CVSS 3.1 score of 7.3. No known exploits are currently reported in the wild, but the presence of AI-generated content as an attack vector is notable, indicating emerging risks associated with AI integration in web applications. The vulnerability was reserved in December 2025 and published in February 2026, with Fedora as the assigner. No official patches are linked yet, indicating organizations should monitor vendor updates closely. This vulnerability is particularly relevant for Moodle deployments used in educational institutions, corporate training, and other e-learning environments.

For European organizations, the impact of CVE-2025-67849 can be significant, especially those relying on Moodle for educational and training purposes. Successful exploitation can lead to session hijacking, allowing attackers to impersonate legitimate users, potentially gaining access to sensitive educational data, personal information, or administrative functions. Manipulation of the user interface can facilitate phishing attacks or unauthorized changes to course content, undermining trust and operational integrity. Confidentiality and integrity are primarily affected, while availability remains intact. The risk is heightened in environments where multiple users interact with AI-generated content, increasing the attack surface. Educational institutions, government agencies, and private sector companies using Moodle in Europe may face reputational damage, regulatory scrutiny under GDPR for data breaches, and operational disruptions. The lack of known exploits in the wild provides a window for proactive mitigation, but the ease of exploitation and network accessibility necessitate urgent attention.

European organizations should implement a multi-layered mitigation strategy: 1) Monitor Moodle vendor channels for official patches addressing CVE-2025-67849 and apply them promptly upon release. 2) Until patches are available, restrict or disable AI prompt response features that generate user-facing content, or implement strict input validation and output encoding on these inputs to prevent script injection. 3) Employ Content Security Policy (CSP) headers to limit the execution of unauthorized scripts in browsers. 4) Conduct regular security audits and penetration testing focused on AI-generated content handling within Moodle. 5) Educate users and administrators about the risks of XSS and encourage cautious interaction with unexpected content or links. 6) Implement web application firewalls (WAF) with rules targeting common XSS payloads, especially those exploiting AI prompt inputs. 7) Monitor logs and user activity for signs of session hijacking or UI manipulation attempts. 8) Consider network segmentation to isolate Moodle servers and limit exposure. These steps go beyond generic advice by focusing on the AI content vector and proactive detection.