CVE-2025-52482
Published: 02 March 2026
Summary
CVE-2025-52482 is a high-severity Cross-site Scripting (CWE-79) vulnerability in Chamilo LMS. Its CVSS base score is 8.3 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The vulnerability ranks at the 25.3rd percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-15 (Information Output Filtering).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
- SI-15 Information Output Filtering: directly prevents stored XSS by sanitizing glossary content before it is rendered in the administrator's browser, blocking execution of injected JavaScript.
- SI-10 Information Input Validation: rejects or sanitizes malicious JavaScript payloads entered by teachers into glossary entries, preventing their storage.
- Flaw Remediation: ensures timely patching to version 1.11.30, which directly addresses the stored XSS vulnerability in the glossary function.
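The two input/output controls above are easiest to see side by side. The following Python example is added here for illustration and is not Chamilo code; the glossary entry, tag allowlist and function names are constructed for the example. It shows the vulnerable rendering pattern (user content concatenated into HTML), the output-filtering fix (HTML-encoding at the rendering boundary, SI-15), and an allowlist sanitizer that can be applied when a teacher-supplied entry is stored (SI-10) so that formatting survives but script-bearing tags and attributes do not.

```python
import html
from html.parser import HTMLParser

# Constructed sample glossary definition (not real Chamilo data): a
# teacher-supplied entry that carries an inline script alongside markup.
MALICIOUS_DEFINITION = 'A set of <b>rules</b><script>alert("xss")</script>'

# Hypothetical allowlist of harmless formatting tags; attributes are never kept.
ALLOWED_TAGS = {"b", "i", "em", "strong", "p", "ul", "ol", "li"}


def render_entry_unsafe(term: str, definition: str) -> str:
    """Vulnerable pattern: stored user content is concatenated straight into
    the HTML the administrator's browser will execute."""
    return f"<dt>{term}</dt><dd>{definition}</dd>"


def render_entry_escaped(term: str, definition: str) -> str:
    """Output filtering (SI-15): encode user content at the output boundary,
    so any markup in the entry is displayed as text, never interpreted."""
    return f"<dt>{html.escape(term)}</dt><dd>{html.escape(definition)}</dd>"


class AllowlistSanitizer(HTMLParser):
    """Input validation (SI-10): keep only allowlisted tags, drop every
    attribute (including on* handlers), drop script/style bodies entirely,
    and re-escape all text so entities cannot smuggle markup back in."""

    def __init__(self) -> None:
        super().__init__(convert_charrefs=True)
        self.out: list[str] = []
        self._skip_depth = 0  # > 0 while inside a dropped <script>/<style>

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self._skip_depth += 1
            return
        if self._skip_depth:
            return
        if tag in ALLOWED_TAGS:
            self.out.append(f"<{tag}>")  # attributes deliberately discarded

    def handle_endtag(self, tag):
        if tag in ("script", "style"):
            self._skip_depth = max(0, self._skip_depth - 1)
            return
        if self._skip_depth:
            return
        if tag in ALLOWED_TAGS:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self._skip_depth:
            self.out.append(html.escape(data))


def sanitize_definition(definition: str) -> str:
    """Sanitize a glossary definition before it is stored."""
    parser = AllowlistSanitizer()
    parser.feed(definition)
    parser.close()
    return "".join(parser.out)


if __name__ == "__main__":
    print("unsafe   :", render_entry_unsafe("Policy", MALICIOUS_DEFINITION))
    print("escaped  :", render_entry_escaped("Policy", MALICIOUS_DEFINITION))
    print("sanitized:", sanitize_definition(MALICIOUS_DEFINITION))
```

Output encoding alone (render_entry_escaped) is the simplest correct fix when glossary entries do not need rich formatting. When formatting must be preserved, sanitize on input with an allowlist as above and treat only that sanitized path as safe to render raw; a blocklist of known-bad strings is not a substitute, since the parser-based approach drops every unknown tag and attribute rather than trying to enumerate the dangerous ones.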
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Stored XSS in public-facing web app (Chamilo LMS) directly enables T1190 exploitation; JS execution in admin browser context enables T1185 session hijacking/credential theft.
NVD Description
Chamilo is a learning management system. Prior to version 1.11.30, a Stored XSS vulnerability exists in the glossary function, enabling all users with the Teachers role to inject JavaScript malicious code against the administrator. This issue has been patched in version 1.11.30.
Deeper analysis
CVE-2025-52482 is a stored cross-site scripting (XSS) vulnerability, classified as CWE-79, affecting the glossary function in Chamilo, an open-source learning management system. Versions of Chamilo prior to 1.11.30 are vulnerable, allowing authenticated users to inject malicious JavaScript code that persists in the system. The vulnerability carries a CVSS v3.1 base score of 8.3 (AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:L), indicating high severity due to network accessibility, low attack complexity, and significant impacts on confidentiality and integrity.
A teacher-role user can exploit this vulnerability by injecting JavaScript payloads into glossary entries, which are then stored and executed in the administrator's browser context when the admin views the affected content. Exploitation requires high privileges (teacher access) and user interaction from the target admin, but successful attacks can achieve high confidentiality and integrity impacts across a changed scope, such as session hijacking, credential theft, or administrative account takeover.
The vulnerability has been patched in Chamilo version 1.11.30, with fixes implemented across multiple GitHub commits including 241c569dde0ad0e34d558ae51271f70438189b0e, 82cc07edd8ef316e6b36da7c501120d5c0aeb151, and f9150075246df4ed9755a4a150e25edb468767be. Security practitioners should upgrade to the patched release, available at https://github.com/chamilo/chamilo-lms/releases/tag/v1.11.30, and review the GitHub Security Advisory at https://github.com/chamilo/chamilo-lms/security/advisories/GHSA-4wcp-3rh3-7wm4 for additional details on remediation.
Details
- CWE(s)