Cyber Posture

CVE-2025-50199

Critical · Public PoC

Published: 02 March 2026

Published: 02 March 2026
Modified: 03 March 2026
KEV Added: not listed
Patch: version 1.11.30
CVSS Score: 9.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H)
EPSS Score: 0.0009 (25.9th percentile)
Risk Priority: 18 (weighting: 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-50199 is a critical-severity SSRF (CWE-918) vulnerability in Chamilo Chamilo Lms. Its CVSS base score is 9.1 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 25.9th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and 2 other techniques. What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

SI-2 Flaw Remediation (prevent)
Directly mitigates the SSRF vulnerability by requiring timely remediation through application of the vendor patch in Chamilo version 1.11.30.

SI-10 Information Input Validation (prevent)
Prevents blind SSRF exploitation by validating the openid_url POST parameter against allowed schemes, hosts, and paths before the server initiates any request on the user's behalf.

Boundary protection of outbound traffic (prevent, detect)
Mitigates SSRF impact by monitoring and controlling outbound communications at system boundaries, so that a forged request cannot reach internal services or resources and any attempt to do so is logged.
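The SI-10 control above describes validating the openid_url parameter against allowed schemes, hosts and paths before the server fetches it. The following is an added example of such an allow-list check, written for this page and not taken from Chamilo's code base. The provider hostnames, path prefixes and the resolver answers are constructed for the example; a real deployment would substitute its own allow-list. It also covers two failure modes a plain string check misses: a permitted hostname that resolves to an internal, loopback or link-local address (including the 169.254.169.254 instance-metadata address), and IPv4-mapped IPv6 answers that disguise such addresses.

```python
"""Allow-list validation for a user-supplied URL before a server-side fetch.

Added example (not Chamilo code). Hostnames, path prefixes and the DNS answers
in FAKE_DNS are constructed so the example runs offline.
"""
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"https"}
# Assumed allow-list: identity providers this instance is willing to contact.
ALLOWED_HOSTS = {"openid.example.org", "login.example.net"}
ALLOWED_PATH_PREFIXES = ("/openid/", "/auth/")
# Ranges Python does not flag as private but which should never be a fetch target.
EXTRA_DENY = (ipaddress.ip_network("100.64.0.0/10"),)

# Constructed resolver answers (stand-in for real DNS).
FAKE_DNS = {
    "openid.example.org": ["51.100.200.3"],          # constructed public address
    "login.example.net": ["169.254.169.254"],        # rebound to the metadata address
    "mapped.example.net": ["::ffff:127.0.0.1"],      # IPv4-mapped loopback
}


def dns_resolve(host):
    """Real resolver: every A/AAAA answer for host."""
    return [info[4][0] for info in socket.getaddrinfo(host, None)]


def fake_resolve(host):
    """Offline resolver backed by the constructed FAKE_DNS table."""
    if host not in FAKE_DNS:
        raise socket.gaierror("constructed NXDOMAIN for %s" % host)
    return FAKE_DNS[host]


def is_internal_ip(ip):
    """True if ip points at loopback, private, link-local, multicast, reserved or
    unspecified space. IPv4-mapped IPv6 is unwrapped first so ::ffff:10.0.0.1 is
    judged as 10.0.0.1."""
    addr = ipaddress.ip_address(ip)
    mapped = getattr(addr, "ipv4_mapped", None)
    if mapped is not None:
        addr = mapped
    if any(addr in net for net in EXTRA_DENY if addr.version == net.version):
        return True
    return (addr.is_private or addr.is_loopback or addr.is_link_local
            or addr.is_multicast or addr.is_reserved or addr.is_unspecified)


def validate_outbound_url(url, resolver=dns_resolve):
    """Return (ok, reason, pinned_ip).

    pinned_ip is the address the caller should actually connect to (with the
    hostname only in SNI/Host), so a DNS change between this check and the
    fetch cannot redirect the request to an internal address."""
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
        port = parts.port
    except ValueError:
        return False, "malformed URL", None
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False, "scheme not allowed", None
    if parts.username or parts.password:
        return False, "credentials in URL not allowed", None
    if host not in ALLOWED_HOSTS:
        return False, "host not on allow-list", None
    if port not in (None, 443):
        return False, "port not allowed", None
    if not parts.path.startswith(ALLOWED_PATH_PREFIXES):
        return False, "path not allowed", None
    try:
        ips = resolver(host)
    except OSError:
        return False, "host does not resolve", None
    if not ips:
        return False, "host does not resolve", None
    for ip in ips:
        if is_internal_ip(ip):
            return False, "host resolves to internal address %s" % ip, None
    return True, "ok", ips[0]


if __name__ == "__main__":
    for candidate in [
        "https://openid.example.org/openid/id",
        "http://openid.example.org/openid/id",
        "https://login.example.net/auth/start",
        "https://10.0.0.5/openid/",
        "https://openid.example.org:8080/openid/x",
    ]:
        print(candidate, "->", validate_outbound_url(candidate, fake_resolve))
```

The check is deliberately an allow-list rather than a deny-list of internal addresses: a blind SSRF gives the attacker no response body, so the only reliable defence is to refuse every destination the application has no business contacting. Resolving the host and pinning the returned address closes the window between validation and fetch that a changing DNS answer would otherwise exploit.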

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1522 Cloud Instance Metadata API (Credential Access)
Adversaries may attempt to access the Cloud Instance Metadata API to collect credentials and other sensitive data.

T1499.004 Application or System Exploitation (Impact)
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

An SSRF in a public-facing web application maps directly to T1190 for initial exploitation. Because the forged request originates from the server, it can reach the cloud instance metadata service (T1522) and can be used to exhaust or crash backend services with crafted requests (T1499.004).

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

NVD Description

Chamilo is a learning management system. Prior to version 1.11.30, there is a blind SSRF vulnerability in /index.php via the POST openid_url parameter. This issue has been patched in version 1.11.30.

Deeper analysis

Chamilo, an open-source learning management system, is affected by CVE-2025-50199, a blind Server-Side Request Forgery (SSRF) vulnerability classified under CWE-918. The flaw exists in versions prior to 1.11.30, specifically within the /index.php endpoint through the POST openid_url parameter. This vulnerability has a CVSS v3.1 base score of 9.1 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H), indicating critical severity due to its network accessibility, low attack complexity, and lack of required privileges or user interaction.

Unauthenticated attackers can exploit this blind SSRF over the network by sending crafted POST requests to the vulnerable endpoint. Successful exploitation allows remote attackers to induce the server to make unauthorized requests to internal or external resources, potentially leading to high-impact confidentiality violations, such as accessing internal services or metadata, and high-impact availability disruptions, including denial-of-service conditions against backend systems.

The vulnerability has been addressed in Chamilo version 1.11.30, as detailed in the official release notes and GitHub security advisory. Security practitioners should prioritize upgrading to this patched version to mitigate the issue, with further technical details available at https://github.com/chamilo/chamilo-lms/releases/tag/v1.11.30 and https://github.com/chamilo/chamilo-lms/security/advisories/GHSA-jv2w-m5r6-p52h.

Details

CWE(s)

CWE-918 (Server-Side Request Forgery)

Affected Products

chamilo
chamilo lms
≤ 1.11.30

CVEs Like This One

CVE-2026-31941 · Same product: Chamilo Chamilo Lms
CVE-2026-34160 · Same product: Chamilo Chamilo Lms
CVE-2026-33715 · Same product: Chamilo Chamilo Lms
CVE-2025-52998 · Same product: Chamilo Chamilo Lms
CVE-2025-50188 · Same product: Chamilo Chamilo Lms
CVE-2025-50187 · Same product: Chamilo Chamilo Lms
CVE-2025-52469 · Same product: Chamilo Chamilo Lms
CVE-2025-50192 · Same product: Chamilo Chamilo Lms
CVE-2026-33710 · Same product: Chamilo Chamilo Lms
CVE-2025-50190 · Same product: Chamilo Chamilo Lms

References

https://github.com/chamilo/chamilo-lms/releases/tag/v1.11.30
https://github.com/chamilo/chamilo-lms/security/advisories/GHSA-jv2w-m5r6-p52h