CVE-2025-55208 Chamilo — Exploit & Vulnerability Details CRITICAL

CVE-2025-55208

CRITICAL CVSS 3.1: 9.0 EPSS 0.06%

Parameter	Value
CVSS	9.0 (CRITICAL)
Affected Versions	before 1.11.34
Type	CWE-79 (Cross-Site Scripting (XSS))
Vendor	Chamilo
Public PoC	No

Chamilo is a learning management system. Versions prior to 1.11.34 have a Stored XSS through insecure file uploads in `Social Networks`. Through it, a low-privilege user can execute arbitrary code in the admin user inbox, allowing takeover of the admin account.

Version 1.11.34 fixes the issue.

Attack Parameters

Attack Vector

Network

Can be exploited remotely

Attack Complexity

Low

Easy to exploit

Privileges Required

Low

Basic privileges needed

User Interaction

Required

User action required

Impact Assessment

Confidentiality

High

Complete data leak

Integrity

High

Complete data modification

Availability

High

Complete denial of service

CVSS Vector v3.1

Weakness Type (CWE)

CWE-79 Cross-Site Scripting (XSS)

References 1

https://github.com/chamilo/chamilo-lms/security/advisories/GHSA-2vq2-826h-6hp6

security-advisories@github.com

Share Post Share Share Share

Related Vulnerabilities

CVE-2026-29041

Chamilo

8.8

CVE-2025-59544

Chamilo

6.9

CVE-2025-59543

Chamilo

9.0

CVE-2025-59542

Chamilo

9.0

CVE-2025-59541

Chamilo

8.1

Menu

CVE-2025-55208

Attack Parameters

Impact Assessment

CVSS Vector v3.1

Weakness Type (CWE)

References 1

Related Vulnerabilities

CVE-2026-29041

CVE-2025-59544

CVE-2025-59543

CVE-2025-59542

CVE-2025-59541

CVE Details

Editor's Choice

Menu

CVE-2025-55208

Attack Parameters

Impact Assessment

CVSS Vector v3.1

Weakness Type (CWE)

References 1

Related Vulnerabilities

CVE-2026-29041

CVE-2025-59544

CVE-2025-59543

CVE-2025-59542

CVE-2025-59541

CVE Details

Editor's Choice

Stay informed on cybersecurity