Cyber Resilience

CVE-2025-52468

HighPublic PoC

Published: 02 March 2026

Published
02 March 2026
Modified
03 March 2026
KEV Added
Patch
CVSS Score v3.1 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score 0.0035 26.9th percentile
Risk Priority 55 floored blend · peak EPSS

Summary

CVE-2025-52468 is a high-severity Cross-site Scripting (CWE-79) vulnerability in Chamilo Chamilo Lms. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 26.9th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-15 (Information Output Filtering).

Deeper analysis

CVE-2025-52468 is a stored cross-site scripting (XSS) vulnerability, classified under CWE-79, in Chamilo, an open-source learning management system. Versions prior to 1.11.30 are affected due to insufficient input sanitization when importing user data from CSV files. Attackers can inject malicious payloads into the "Last Name", "First Name", and "Username" fields, which are stored without proper validation.

The vulnerability can be exploited by an attacker who submits a crafted CSV file via the user import feature, requiring no privileges (PR:N) but user interaction (UI:R) to trigger. When an authenticated user views the profile of the injected user, the XSS payload executes in the victim's browser context, potentially compromising confidentiality, integrity, and availability with high impact (CVSS v3.1 score: 8.8, AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).

Chamilo has patched the issue in version 1.11.30. Administrators should upgrade to this version immediately. Official resources include the fixing commit at https://github.com/chamilo/chamilo-lms/commit/790ef513aceacae6fe5b6641145901f04c7992dd, the release notes at https://github.com/chamilo/chamilo-lms/releases/tag/v1.11.30, and the GitHub security advisory at https://github.com/chamilo/chamilo-lms/security/advisories/GHSA-hc3c-8p55-xh4r.

OWASP Top 10 for Web (2025)

EU & UK References

Vulnerability details

Chamilo is a learning management system. Prior to version 1.11.30, an input validation vulnerability exists when importing user data from CSV files. This flaw occurs due to insufficient sanitization of user data, specifically in the "Last Name", "First Name", and…

more

"Username" fields. It allows attackers to inject a stored cross-site scripting (XSS) payload that is triggered when the user profile is viewed, potentially leading to malicious script execution in the context of the authenticated use. This issue has been patched in version 1.11.30.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1059.007 JavaScript Execution
Adversaries may abuse various implementations of JavaScript for execution.
Why these techniques?

Stored XSS in public-facing web app directly enables exploitation of the application (T1190) and arbitrary JavaScript execution in victim browsers (T1059.007).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-59542Same product: Chamilo Chamilo Lms
CVE-2025-52482Same product: Chamilo Chamilo Lms
CVE-2025-55208Same product: Chamilo Chamilo Lms
CVE-2025-59543Same product: Chamilo Chamilo Lms
CVE-2025-55289Same product: Chamilo Chamilo Lms
CVE-2025-50188Same product: Chamilo Chamilo Lms
CVE-2025-52998Same product: Chamilo Chamilo Lms
CVE-2025-50190Same product: Chamilo Chamilo Lms
CVE-2025-52469Same product: Chamilo Chamilo Lms
CVE-2025-50187Same product: Chamilo Chamilo Lms

Affected Assets

chamilo
chamilo lms
≤ 1.11.30

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly addresses the insufficient sanitization of user data from CSV imports by enforcing validation of inputs in Last Name, First Name, and Username fields to block XSS payloads.

prevent

Prevents execution of stored XSS payloads by filtering information outputs when authenticated users view affected user profiles.

prevent

Mitigates the vulnerability through timely flaw remediation, including patching to version 1.11.30 as recommended in the advisory.

References