Platform
php
Component
chamilo-lms
Fixed in
1.11.35
CVE-2025-55208 describes a Stored Cross-Site Scripting (XSS) vulnerability affecting Chamilo LMS versions prior to 1.11.34. This vulnerability allows a low-privilege user to execute arbitrary code within the administrative user's inbox, potentially leading to complete account takeover. The vulnerability stems from insecure file upload handling within the 'Social Networks' feature. A patch is available in version 1.11.34.
The impact of CVE-2025-55208 is severe. A successful exploit allows an attacker to inject malicious JavaScript code into the Chamilo LMS environment. This code executes within the context of the administrator's session, granting the attacker full control over the administrative interface. This includes the ability to modify user accounts, course content, system configurations, and potentially exfiltrate sensitive data. The attack vector is relatively simple: an attacker can upload a specially crafted file containing malicious JavaScript, which is then executed when the administrator views the file or interacts with the 'Social Networks' feature. This is a significant risk for organizations relying on Chamilo LMS for educational purposes, as it could compromise the integrity and confidentiality of their learning environment.
CVE-2025-55208 has a CRITICAL CVSS score of 9.1, indicating a high probability of exploitation. Public proof-of-concept (PoC) code is not currently available, but the vulnerability's nature and ease of exploitation suggest it is likely to be targeted. The vulnerability was publicly disclosed on 2026-03-05. It is not currently listed on CISA KEV, but its severity warrants close monitoring.
Exploit Status
EPSS
0.05% (15% percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2025-55208 is to immediately upgrade Chamilo LMS to version 1.11.34 or later. If upgrading is not immediately feasible, consider implementing temporary workarounds. Restrict file upload permissions to trusted users and file types. Implement strict input validation and sanitization on all user-supplied data, particularly during file upload processes. Web Application Firewalls (WAFs) configured to detect and block XSS payloads can provide an additional layer of defense. Monitor Chamilo LMS logs for suspicious activity, such as unusual file uploads or unexpected JavaScript execution. After upgrading, verify the fix by attempting to upload a test file containing a simple JavaScript payload and confirming that it is properly sanitized and does not execute.
Update Chamilo LMS to version 1.11.34 or higher. This version corrects the Stored Cross-Site Scripting (XSS) vulnerability in files uploaded to social networks. The update will prevent the execution of arbitrary code in the administrator's inbox and potential administrator account control.
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2025-55208 is a CRITICAL Stored XSS vulnerability in Chamilo LMS versions prior to 1.11.34, allowing attackers to execute code in the admin inbox.
Yes, if you are running Chamilo LMS version 1.11.34 or earlier, you are vulnerable to this XSS attack.
Upgrade Chamilo LMS to version 1.11.34 or later to resolve this vulnerability. Implement temporary workarounds if immediate upgrade is not possible.
While no active exploitation has been confirmed, the vulnerability's severity and ease of exploitation suggest it is likely to be targeted.
Refer to the official Chamilo security advisory for detailed information and updates: [https://www.chamilo.org/en/security-advisories](https://www.chamilo.org/en/security-advisories)
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.