CVE-2025-52468
Published: 02 March 2026
Summary
CVE-2025-52468 is a high-severity Cross-site Scripting (CWE-79) vulnerability in Chamilo Chamilo Lms. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 20.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-15 (Information Output Filtering).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly addresses the insufficient sanitization of user data from CSV imports by enforcing validation of inputs in Last Name, First Name, and Username fields to block XSS payloads.
Prevents execution of stored XSS payloads by filtering information outputs when authenticated users view affected user profiles.
Mitigates the vulnerability through timely flaw remediation, including patching to version 1.11.30 as recommended in the advisory.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Stored XSS in public-facing web app directly enables exploitation of the application (T1190) and arbitrary JavaScript execution in victim browsers (T1059.007).
NVD Description
Chamilo is a learning management system. Prior to version 1.11.30, an input validation vulnerability exists when importing user data from CSV files. This flaw occurs due to insufficient sanitization of user data, specifically in the "Last Name", "First Name", and…
more
"Username" fields. It allows attackers to inject a stored cross-site scripting (XSS) payload that is triggered when the user profile is viewed, potentially leading to malicious script execution in the context of the authenticated use. This issue has been patched in version 1.11.30.
Deeper analysisAI
CVE-2025-52468 is a stored cross-site scripting (XSS) vulnerability, classified under CWE-79, in Chamilo, an open-source learning management system. Versions prior to 1.11.30 are affected due to insufficient input sanitization when importing user data from CSV files. Attackers can inject malicious payloads into the "Last Name", "First Name", and "Username" fields, which are stored without proper validation.
The vulnerability can be exploited by an attacker who submits a crafted CSV file via the user import feature, requiring no privileges (PR:N) but user interaction (UI:R) to trigger. When an authenticated user views the profile of the injected user, the XSS payload executes in the victim's browser context, potentially compromising confidentiality, integrity, and availability with high impact (CVSS v3.1 score: 8.8, AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).
Chamilo has patched the issue in version 1.11.30. Administrators should upgrade to this version immediately. Official resources include the fixing commit at https://github.com/chamilo/chamilo-lms/commit/790ef513aceacae6fe5b6641145901f04c7992dd, the release notes at https://github.com/chamilo/chamilo-lms/releases/tag/v1.11.30, and the GitHub security advisory at https://github.com/chamilo/chamilo-lms/security/advisories/GHSA-hc3c-8p55-xh4r.
Details
- CWE(s)