Platform: php
Component: chamilo-lms
Fixed in: 1.11.35
CVE-2025-59541 describes a Cross-Site Request Forgery (CSRF) vulnerability affecting Chamilo LMS versions prior to 1.11.34. This flaw allows an attacker to delete projects within a course without the victim's knowledge or consent. The vulnerability stems from a lack of anti-CSRF protections on sensitive actions, specifically project deletion, making it susceptible to manipulation via malicious links. The vulnerability has been addressed in version 1.11.34.
The primary impact of CVE-2025-59541 is the unauthorized deletion of projects within a Chamilo LMS course. An attacker can craft a malicious page that, when visited by an authenticated user (specifically a Trainer role), triggers the project deletion action. This could lead to data loss, disruption of learning materials, and potential compromise of the course's integrity. The attacker does not need to know the user's password, only that the user is logged into Chamilo. Successful exploitation requires the target user to be authenticated within the LMS and to visit the attacker-controlled malicious page. The blast radius is limited to the scope of the course and the permissions of the Trainer role.
CVE-2025-59541 was publicly disclosed on 2026-03-06. There is no indication of active exploitation or inclusion in the CISA KEV catalog at this time. No public proof-of-concept (PoC) code has been released. The vulnerability's reliance on user interaction (visiting a malicious page) suggests a lower probability of widespread exploitation compared to vulnerabilities that can be exploited remotely without user action.
Educational institutions and organizations utilizing Chamilo LMS are at risk, particularly those running versions prior to 1.11.34. Organizations with a large number of 'Trainer' accounts or those that allow users to easily share links to internal Chamilo resources are at higher risk. Shared hosting environments where multiple Chamilo instances reside on the same server could also be impacted.
• php / web: Examine access logs for GET requests to project deletion endpoints with suspicious Referer headers.
  grep 'project_delete.php' access.log | grep -i 'attacker.com'
• php / web: Monitor Chamilo application logs for unusual project deletion events, particularly those associated with Trainer accounts.
• generic web: Use curl to test for project deletion functionality via GET requests without CSRF tokens.
  curl -v -X GET 'https://chamilo.example.com/project_delete.php?project_id=123' -H 'Referer: https://attacker.com'

Disclosure
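The grep one-liner above only catches a Referer you already know. The script below is an added example (not part of this advisory and not Chamilo project code) that generalises the same check: it parses Apache/nginx "combined" format lines and flags every request to the deletion endpoint whose Referer points off-site or is missing, regardless of method, since a cross-site auto-submitted form would show up as a POST. The endpoint name `project_delete.php` is taken from the page's own detection tip and may not be the real Chamilo path; the trusted host and the log lines are constructed sample data.

```python
"""Flag requests to a project-deletion endpoint whose Referer is off-site or absent.

Added example for the advisory's detection tip; not from the page or from Chamilo.
Assumes the "combined" access-log format. 'project_delete.php' is the page's
example endpoint, not a verified Chamilo URL.
"""
import re
from urllib.parse import urlsplit

# Apache/nginx "combined" format: ip ident user [ts] "METHOD path proto" status size "referer" "ua"
COMBINED_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Endpoint pattern from the page's detection tip (assumed, not verified against Chamilo).
DELETE_PATTERN = re.compile(r'project_delete\.php', re.I)


def parse_line(line):
    """Return the log fields as a dict, or None if the line is not combined format."""
    m = COMBINED_RE.match(line)
    return m.groupdict() if m else None


def classify(entry, trusted_host):
    """Return a reason string when the deletion request does not come from our own pages.

    An empty or '-' Referer is a low-confidence signal (browsers strip it under
    many Referrer-Policy settings); a Referer on another host is the stronger one.
    """
    if not DELETE_PATTERN.search(entry['path']):
        return None
    ref = entry['referer']
    if ref in ('', '-'):
        return 'no-referer'
    host = (urlsplit(ref).hostname or '').lower()
    if host != trusted_host.lower():
        return f'cross-site-referer:{host}'
    return None


def scan(lines, trusted_host):
    """Return (ip, method, path, status, reason) for every suspicious deletion request."""
    hits = []
    for line in lines:
        entry = parse_line(line)
        if entry is None:
            continue
        reason = classify(entry, trusted_host)
        if reason:
            hits.append((entry['ip'], entry['method'], entry['path'], entry['status'], reason))
    return hits


# Constructed sample log lines (RFC 5737 addresses, example hostnames).
SAMPLE_LOG = [
    '203.0.113.7 - - [06/Mar/2026:10:01:02 +0000] "GET /project_delete.php?project_id=123 HTTP/1.1" 302 0 '
    '"https://chamilo.example.com/main/work/work.php" "Mozilla/5.0"',
    '198.51.100.9 - - [06/Mar/2026:10:05:44 +0000] "GET /project_delete.php?project_id=123 HTTP/1.1" 302 0 '
    '"https://attacker.example/lure.html" "Mozilla/5.0"',
    '198.51.100.9 - - [06/Mar/2026:10:06:10 +0000] "POST /project_delete.php HTTP/1.1" 302 0 '
    '"-" "Mozilla/5.0"',
    '203.0.113.7 - - [06/Mar/2026:10:07:00 +0000] "GET /main/index.php HTTP/1.1" 200 5120 '
    '"https://chamilo.example.com/" "Mozilla/5.0"',
]

if __name__ == '__main__':
    for hit in scan(SAMPLE_LOG, 'chamilo.example.com'):
        print(*hit)
```

Treat the output as a triage list, not proof: a same-site Referer can be forged by a non-browser client, and a missing one is routine under strict Referrer-Policy, so correlate hits with the application log entries the second bullet refers to before acting on them.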
Exploit status
EPSS: 0.02% (4th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2025-59541 is to upgrade Chamilo LMS to version 1.11.34 or later, which includes the necessary anti-CSRF protections. If upgrading immediately is not feasible, consider implementing a Web Application Firewall (WAF) rule to block requests that lack CSRF tokens for project deletion endpoints. Additionally, educate users about the risks of clicking on links from untrusted sources. While a direct detection signature is difficult without specific application-level monitoring, reviewing Chamilo's access logs for unusual GET requests targeting project deletion endpoints might reveal suspicious activity. After upgrading, confirm the fix by attempting to delete a test project via a crafted GET request – it should be rejected.
Update Chamilo LMS to version 1.11.34 or higher. This version contains the fix for the CSRF vulnerability when deleting projects. The update prevents an attacker from deleting projects without your consent.
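To make concrete what "anti-CSRF protections on sensitive actions" means, here is an added example (written for this page, not code from Chamilo or the advisory) that models the pre-fix handler next to a hardened one in Python. The `Session`, `Request` and `ProjectStore` classes are constructed stand-ins for the framework, the "trainer" role name and the site origin are assumptions, and the endpoint name follows the page's example. The hardened version applies the standard synchronizer-token pattern: state-changing requests must be POST, must carry a per-session token compared in constant time, and are rejected when the browser supplies an Origin header for another site.

```python
"""Synchronizer-token CSRF protection for a project-deletion action, modelled in Python.

Added example, not Chamilo code. Session/Request/ProjectStore are constructed
stand-ins; SITE_ORIGIN and the "trainer" role name are assumptions.
"""
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Optional

SITE_ORIGIN = "https://chamilo.example.com"  # assumed deployment origin


@dataclass
class Session:
    """Server-side session: the CSRF token is generated once per session, never sent as a cookie."""
    user_id: int
    role: str
    csrf_token: str = field(default_factory=lambda: secrets.token_urlsafe(32))


@dataclass
class Request:
    method: str
    params: dict                    # query string or form body, merged as the app sees them
    session: Session                # resolved from the session cookie the browser attached
    origin: Optional[str] = None    # Origin header, if the browser sent one


class ProjectStore:
    def __init__(self, ids):
        self.projects = set(ids)

    def delete(self, pid):
        self.projects.discard(pid)


def delete_project_vulnerable(req, store):
    """Shape of the flaw the advisory describes: any request with project_id deletes.

    Because the victim's browser attaches the session cookie automatically, a
    cross-site GET passes the role check and the deletion goes through.
    """
    if req.session.role != "trainer":
        return 403
    store.delete(int(req.params["project_id"]))
    return 302


def delete_project_protected(req, store):
    """Hardened handler: POST only, Origin must match if present, token must match."""
    if req.session.role != "trainer":
        return 403
    if req.method != "POST":
        return 405                                   # GET must never change state
    if req.origin is not None and req.origin != SITE_ORIGIN:
        return 403                                   # cross-site form post
    sent = req.params.get("csrf_token", "")
    expected = req.session.csrf_token
    # Constant-time comparison on bytes; a str with non-ASCII would make compare_digest raise.
    if not hmac.compare_digest(sent.encode(), expected.encode()):
        return 403                                   # missing or wrong token
    store.delete(int(req.params["project_id"]))
    return 302


def render_delete_form(session, pid):
    """The legitimate UI embeds the session token; an attacker's page cannot read it."""
    return (
        '<form method="post" action="/project_delete.php">'
        f'<input type="hidden" name="project_id" value="{pid}">'
        f'<input type="hidden" name="csrf_token" value="{session.csrf_token}">'
        '<button>Delete</button></form>'
    )


if __name__ == "__main__":
    sess = Session(user_id=1, role="trainer")
    forged = Request("GET", {"project_id": "123"}, sess, origin="https://attacker.example")
    print("vulnerable:", delete_project_vulnerable(forged, ProjectStore({123})))   # 302, deleted
    print("protected: ", delete_project_protected(forged, ProjectStore({123})))    # 405, kept
```

The token check is the control that actually closes the hole; the method and Origin checks are cheap defence in depth, and setting the session cookie with `SameSite=Lax` or `Strict` adds another layer at no code cost. A WAF rule that drops deletion requests without a token, as the mitigation paragraph suggests, approximates only the last of the three checks and is a stopgap until the upgrade.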
CVE-2025-59541 is a Cross-Site Request Forgery (CSRF) vulnerability in Chamilo LMS versions before 1.11.34, allowing attackers to delete projects without consent.
You are affected if you are using Chamilo LMS version 1.11.34 or earlier. Upgrade to the latest version to mitigate the risk.
Upgrade Chamilo LMS to version 1.11.34 or later. Consider implementing a WAF with CSRF protection as a temporary workaround.
There is no confirmed active exploitation of CVE-2025-59541 at this time, but the vulnerability is publicly known and could be targeted.
Refer to the official Chamilo security advisory for CVE-2025-59541 on the Chamilo website (check their security announcements page).