CVE-2025-55208
Published: 05 March 2026
Summary
CVE-2025-55208 is a critical-severity Cross-site Scripting (CWE-79) vulnerability in Chamilo Chamilo Lms. Its CVSS base score is 9.0 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 17.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-15 (Information Output Filtering).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Requires validation of file uploads in the Social Networks feature to block malicious XSS payloads from being stored.
Mandates filtering and sanitization of user-uploaded content when rendered in the admin inbox to prevent XSS execution.
Ensures timely flaw remediation by applying the patch to Chamilo version 1.11.34, eliminating the stored XSS vulnerability.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Stored XSS in public-facing LMS web app directly enables exploitation via T1190; arbitrary JS execution in admin browser context facilitates session cookie theft for account takeover via T1539.
NVD Description
Chamilo is a learning management system. Versions prior to 1.11.34 have a Stored XSS through insecure file uploads in `Social Networks`. Through it, a low-privilege user can execute arbitrary code in the admin user inbox, allowing takeover of the admin…
more
account. Version 1.11.34 fixes the issue.
Deeper analysisAI
CVE-2025-55208 is a Stored Cross-Site Scripting (XSS) vulnerability, classified under CWE-79, in Chamilo, an open-source learning management system. It affects versions prior to 1.11.34 and arises from insecure file uploads in the Social Networks component. The vulnerability carries a CVSS v3.1 base score of 9.0 (AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H), indicating high severity due to its potential for network-based exploitation with low complexity and privileges, though requiring user interaction and changing scope.
A low-privilege user can exploit the vulnerability by uploading malicious files through the Social Networks feature, resulting in stored XSS payloads. When an administrator views the attacker's inbox, the payload executes arbitrary code in the admin's browser context, enabling full takeover of the admin account.
The official GitHub security advisory (GHSA-2vq2-826h-6hp6) at https://github.com/chamilo/chamilo-lms/security/advisories/GHSA-2vq2-826h-6hp6 documents the issue, confirming that upgrading to Chamilo version 1.11.34 fully resolves the vulnerability.
Details
- CWE(s)