Cyber Resilience

CVE-2025-55208

Critical

Published: 05 March 2026

Published
05 March 2026
Modified
09 March 2026
KEV Added
Patch
CVSS Score v3.1 9.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
EPSS Score 0.0031 22.2th percentile
Risk Priority 70 floored blend · peak EPSS

Summary

CVE-2025-55208 is a critical-severity Cross-site Scripting (CWE-79) vulnerability in Chamilo Chamilo Lms. Its CVSS base score is 9.0 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 22.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-15 (Information Output Filtering).

Deeper analysis

CVE-2025-55208 is a Stored Cross-Site Scripting (XSS) vulnerability, classified under CWE-79, in Chamilo, an open-source learning management system. It affects versions prior to 1.11.34 and arises from insecure file uploads in the Social Networks component. The vulnerability carries a CVSS v3.1 base score of 9.0 (AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H), indicating high severity due to its potential for network-based exploitation with low complexity and privileges, though requiring user interaction and changing scope.

A low-privilege user can exploit the vulnerability by uploading malicious files through the Social Networks feature, resulting in stored XSS payloads. When an administrator views the attacker's inbox, the payload executes arbitrary code in the admin's browser context, enabling full takeover of the admin account.

The official GitHub security advisory (GHSA-2vq2-826h-6hp6) at https://github.com/chamilo/chamilo-lms/security/advisories/GHSA-2vq2-826h-6hp6 documents the issue, confirming that upgrading to Chamilo version 1.11.34 fully resolves the vulnerability.

OWASP Top 10 for Web (2025)

EU & UK References

Vulnerability details

Chamilo is a learning management system. Versions prior to 1.11.34 have a Stored XSS through insecure file uploads in `Social Networks`. Through it, a low-privilege user can execute arbitrary code in the admin user inbox, allowing takeover of the admin…

more

account. Version 1.11.34 fixes the issue.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1539 Steal Web Session Cookie Credential Access
An adversary may steal web application or service session cookies and use them to gain access to web applications or Internet services as an authenticated user without needing credentials.
Why these techniques?

Stored XSS in public-facing LMS web app directly enables exploitation via T1190; arbitrary JS execution in admin browser context facilitates session cookie theft for account takeover via T1539.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-59542Same product: Chamilo Chamilo Lms
CVE-2025-52468Same product: Chamilo Chamilo Lms
CVE-2025-52482Same product: Chamilo Chamilo Lms
CVE-2025-59543Same product: Chamilo Chamilo Lms
CVE-2025-55289Same product: Chamilo Chamilo Lms
CVE-2025-50188Same product: Chamilo Chamilo Lms
CVE-2025-52998Same product: Chamilo Chamilo Lms
CVE-2025-50190Same product: Chamilo Chamilo Lms
CVE-2025-52469Same product: Chamilo Chamilo Lms
CVE-2025-50187Same product: Chamilo Chamilo Lms

Affected Assets

chamilo
chamilo lms
≤ 1.11.34

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Requires validation of file uploads in the Social Networks feature to block malicious XSS payloads from being stored.

prevent

Mandates filtering and sanitization of user-uploaded content when rendered in the admin inbox to prevent XSS execution.

prevent

Ensures timely flaw remediation by applying the patch to Chamilo version 1.11.34, eliminating the stored XSS vulnerability.

References