CVE-2025-53021
A session fixation flaw was found in Moodle. This flaw allows an unauthenticated attacker to hijack a user session via the sesskey parameter. This sesskey can be obtained without authentication and reused within the OAuth2 login flow, resulting in the victim's session being linked to the...