Donate Telegram

CVE-2025-59544

MEDIUM CVSS 4.0: 6.9 EPSS 0.04%

Mar 06, 2026

Updated Mar 06, 2026

Chamilo

Parameter	Value
CVSS	6.9 (MEDIUM)
Fixed In	1.11.34
Type	CWE-862 (Missing Authorization (Отсутствие авторизации))
Vendor	Chamilo
Public PoC	No

Chamilo is a learning management system. Prior to version 1.11.34, the functionality for the user to update the category does not implement authorization checks for the "category_id" parameter which allows users to update the category of any user by replacing the "category_id" parameter. This issue has been patched in version 1.11.34.

Attack Parameters

Attack Vector

Network

Атака возможна удалённо

Attack Complexity

Low

Легко эксплуатировать

Attack Requirements

None

Нет дополнительных условий

Privileges Required

None

Права не нужны

User Interaction

None

Не нужно действие пользователя

Impact Assessment

Confidentiality

None

Нет утечки данных

Integrity

Low

Частичная модификация данных

Availability

None

Нет нарушения работы

CVSS Vector v4.0

Weakness Type (CWE)

CWE-862 Missing Authorization (Отсутствие авторизации)

References 2

https://github.com/chamilo/chamilo-lms/releases/tag/v1.11.34

security-advisories@github.com

https://github.com/chamilo/chamilo-lms/security/advisories/GHSA-x3h9-h7qf-wwrf

security-advisories@github.com

Share Post Share Share Share

Related Vulnerabilities

CVE-2026-29041

Chamilo

CVE-2025-59543

Chamilo

CVE-2025-59542

Chamilo

CVE-2025-59541

Chamilo

CVE-2025-59540

Chamilo

CVE Details

CVE ID

CVE-2025-59544

Published Date

Mar 06, 2026

Vendor

Chamilo

Severity

MEDIUM

CVSS v4.0 Score

6.9

Medium severity. Plan remediation.

Exploit Prediction (EPSS)

Probability of Exploit 0.04%

Likelihood of exploitation in next 30 days

Percentile: 12.2th percentile (higher than 12.2% of all CVEs)

Standard patching cycle

Impact

Partial data modification

Source

Editor's Choice