Platform: php
Component: chamilo-lms
Fixed in: 1.11.35
CVE-2025-59541 describes a Cross-Site Request Forgery (CSRF) vulnerability affecting Chamilo LMS versions prior to 1.11.34. This flaw allows an attacker to delete projects within a course without the victim's knowledge or consent. The vulnerability stems from a lack of anti-CSRF protections on sensitive actions, specifically project deletion, making it susceptible to manipulation via malicious links. The vulnerability has been addressed in version 1.11.34.
The primary impact of CVE-2025-59541 is the unauthorized deletion of projects within a Chamilo LMS course. An attacker can craft a malicious webpage that, when visited by an authenticated 'Trainer' user, triggers the project deletion action. This could lead to significant data loss, disruption of learning materials, and potential reputational damage for the institution using Chamilo. The attack requires the victim to be logged into Chamilo and visit the attacker-controlled page, but does not require any further interaction. Successful exploitation could compromise the integrity of course content and impact the learning experience for students.
CVE-2025-59541 was publicly disclosed on 2026-03-06. No public proof-of-concept (PoC) code has been released at the time of writing. The vulnerability is not currently listed on the CISA KEV catalog. The potential for exploitation is considered medium due to the relatively simple attack vector and the widespread use of Chamilo LMS in educational institutions.
Exploit Status
EPSS: 0.02% (4th percentile)
The primary mitigation for CVE-2025-59541 is to immediately upgrade Chamilo LMS to version 1.11.34 or later. If upgrading is not immediately feasible, consider implementing a Web Application Firewall (WAF) with CSRF protection rules to filter out malicious requests. Additionally, educate users about the risks of clicking on untrusted links and the importance of verifying the authenticity of websites before submitting sensitive actions. While a direct detection signature is difficult, monitor Chamilo logs for unusual project deletion activity originating from unexpected IP addresses or user agents.
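The missing protection the advisory describes, shown as an added PHP example that is not Chamilo's code: an unprotected delete handler next to one that only accepts POST and a session-bound token. deleteProject(), the request arrays and the session array are constructed stand-ins for the application's own storage and session handling.

```php
<?php
// Added example, not Chamilo's code: a course-project deletion handler with
// the CSRF protections the advisory says were missing, beside the unprotected
// pattern. deleteProject(), the request and session arrays are constructed.
function deleteProject(array &$projects, int $projectId): bool {
    if (!isset($projects[$projectId])) {
        return false;
    }
    unset($projects[$projectId]);
    return true;
}

// Vulnerable pattern: any request carrying an id deletes the project, so a
// link on another site is enough because the browser attaches the victim's
// session cookie automatically.
function handleDeleteUnprotected(array &$projects, array $request): bool {
    return deleteProject($projects, (int) ($request['id'] ?? 0));
}

// Hardened pattern: the state-changing action is only reachable over POST and
// must carry a per-session secret compared in constant time.
function issueCsrfToken(array &$session): string {
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

function handleDeleteProtected(array &$projects, array &$session, array $request): bool {
    if (($request['method'] ?? 'GET') !== 'POST') {
        return false; // a plain link cannot trigger the deletion
    }
    $sent = (string) ($request['post']['csrf_token'] ?? '');
    $expected = (string) ($session['csrf_token'] ?? '');
    if ($expected === '' || !hash_equals($expected, $sent)) {
        return false; // missing or mismatched token: refuse and log
    }
    return deleteProject($projects, (int) ($request['post']['id'] ?? 0));
}

// Constructed walk-through.
$projects = [7 => 'Group project A', 8 => 'Group project B'];
$session = [];
$token = issueCsrfToken($session);
// Forged cross-site request (a link): no token, GET method.
$forged = ['method' => 'GET', 'id' => 7];
var_dump(handleDeleteProtected($projects, $session, $forged));
var_dump(handleDeleteUnprotected($projects, $forged));
// Legitimate form submission carries the session's token.
$legit = ['method' => 'POST', 'post' => ['id' => 8, 'csrf_token' => $token]];
var_dump(handleDeleteProtected($projects, $session, $legit));
```

The token must be emitted in the deletion form (a hidden field) rather than in the URL, so it never leaks through the Referer header or server logs.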
Update Chamilo LMS to version 1.11.34 or higher. This version contains the fix for the CSRF vulnerability in project deletion. The update will prevent an attacker from deleting projects without your consent.
CVE-2025-59541 is a Cross-Site Request Forgery (CSRF) vulnerability in Chamilo LMS versions before 1.11.34, allowing attackers to delete projects without consent.
You are affected if you are using Chamilo LMS version 1.11.34 or earlier. Upgrade to the latest version to mitigate the risk.
Upgrade Chamilo LMS to version 1.11.34 or later. Consider implementing a WAF with CSRF protection as a temporary workaround.
There is no confirmed active exploitation of CVE-2025-59541 at this time, but the vulnerability is publicly known and could be targeted.
Refer to the official Chamilo security advisory for CVE-2025-59541 on the Chamilo website (check their security announcements page).