CVE-2022-35652 in Moodle

Summary

by MITRE • 07/25/2022

An open redirect issue was found in Moodle due to improper sanitization of user-supplied data in the mobile auto-login feature. A remote attacker can create a link that leads to a trusted website; however, when clicked, it redirects the victim to an arbitrary URL/domain. Successful exploitation of this vulnerability may allow a remote attacker to perform a phishing attack and steal potentially sensitive information.


Analysis

by VulDB Data Team • 09/06/2025

The vulnerability CVE-2022-35652 represents a critical open redirect flaw within the Moodle learning management system that stems from inadequate input validation in the mobile auto-login functionality. This security weakness allows malicious actors to craft deceptive links that appear legitimate but redirect users to attacker-controlled domains. The issue specifically manifests when the system fails to properly sanitize user-supplied data, creating a pathway for unauthorized redirection that bypasses normal security controls. The vulnerability affects the mobile auto-login feature which is designed to streamline user access across different devices, but in this case becomes a vector for malicious redirection attacks.

This flaw is a classic input sanitization failure and falls under the CWE-601 (Open Redirect) classification. When users click on maliciously crafted links, the system processes the user-supplied redirect parameter without adequate validation, allowing arbitrary URLs to be specified as redirect destinations. The weakness sits at the application level, where the system should verify that redirect targets are within the trusted domain or explicitly authorized by the application logic. The mobile auto-login feature typically handles authentication tokens and redirect parameters, making it a prime target for attackers seeking to exploit the trust relationship between users and the Moodle platform.

From an operational perspective, this vulnerability creates significant risk for organizations relying on Moodle for educational or training purposes. The successful exploitation enables attackers to conduct sophisticated phishing campaigns where victims are redirected from trusted Moodle domains to malicious sites designed to capture login credentials, personal information, or other sensitive data. The impact extends beyond simple redirection as it can facilitate credential harvesting, data exfiltration, and further lateral movement within compromised networks. Security analysts should note that this vulnerability can be particularly dangerous in educational environments where users may be less vigilant about verifying URL authenticity, especially when accessing mobile applications that appear to be legitimate Moodle interfaces.

Organizations should implement immediate mitigations, including input validation for all redirect parameters, explicit domain whitelisting for redirect destinations, and comprehensive security testing of mobile application features. The mitigation strategy should apply the principle of least privilege to redirect functionality and implement proper URL validation that prevents redirection to external domains. Security teams should also consider deploying web application firewalls to monitor and block suspicious redirect patterns, while conducting regular security assessments of mobile application components. This vulnerability highlights the importance of secure coding practices in mobile application development and the critical need for input validation across all user-supplied data pathways. The attack surface is particularly concerning given the widespread use of Moodle in educational institutions and the mobile accessibility features that make this attack vector more reachable for threat actors.
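The allowlist check recommended above, as an added example (not Moodle's own code or its fix): a validator for a redirect parameter that accepts only relative paths or absolute URLs on an allowlisted host, and rejects the usual bypass shapes (protocol-relative `//host`, backslash variants, userinfo tricks, non-HTTP schemes). The host `moodle.example.edu`, the fallback URL and all sample targets are constructed values, and the parameter name is not taken from Moodle.

```python
from urllib.parse import urlsplit, urljoin

# Hosts a redirect parameter may point at (constructed; not Moodle's config).
ALLOWED_HOSTS = {"moodle.example.edu"}
# Where to send the user when the supplied target is rejected.
SAFE_FALLBACK = "https://moodle.example.edu/my/"


def is_safe_redirect(target, allowed_hosts=ALLOWED_HOSTS):
    """True only if `target` is a relative path or stays on an allowed host."""
    if not target or any(c in target for c in "\r\n\t\x00"):
        return False
    # Browsers treat "\" like "/", so "/\evil.example" would be parsed as a
    # relative path here but as a host by the browser. Normalise first.
    normalised = target.replace("\\", "/")
    parts = urlsplit(normalised)
    if parts.scheme == "" and parts.netloc == "":
        # Relative target: require exactly one leading "/", never "//host".
        return normalised.startswith("/") and not normalised.startswith("//")
    if parts.scheme not in ("http", "https"):
        return False  # javascript:, data:, and a bare "//host" land here
    # .hostname drops userinfo and port and lowercases, so
    # "https://moodle.example.edu@evil.example/" yields "evil.example".
    host = parts.hostname
    # Exact match only: a suffix check would accept moodle.example.edu.evil.example.
    return host is not None and host in allowed_hosts


def resolve_redirect(target, base=SAFE_FALLBACK):
    """Return the URL the application should actually redirect to."""
    if is_safe_redirect(target):
        return urljoin(base, target.replace("\\", "/"))
    return base


if __name__ == "__main__":
    # Constructed sample values for a redirect parameter.
    for sample in ["/course/view.php?id=3", "//evil.example/",
                   "/\\evil.example", "https://moodle.example.edu@evil.example/",
                   "javascript:alert(1)"]:
        print(f"{sample!r:45} -> {resolve_redirect(sample)}")
```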

Reservation

07/12/2022

Disclosure

07/25/2022

Moderation

accepted

CPE

ready

EPSS

0.00858

KEV

no

Activities

very low

Sources
