How to fix CVE-2025-52482?

Within 24 hours: Identify all Chamilo instances and verify current versions; restrict glossary feature access to administrators only if possible. Within 7 days: Apply vendor patch to upgrade all Chamilo installations to version 1.11.30 or later; conduct post-patch testing. Within 30 days: Audit glossary entries for malicious content; review administrator account activity logs for unauthorized access during the vulnerability window; conduct security awareness training for teachers on acceptable use policies.

Is Chamilo Lms affected by CVE-2025-52482?

A stored cross-site scripting vulnerability in Chamilo LMS versions prior to 1.11.30 allows teachers to inject malicious code that executes when administrators access the glossary function, potentially compromising administrative accounts and sensitive institutional data.

CVE-2025-52482

HIGH

2026-03-02 [email protected]

8.3

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:L

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

Required

Scope

Changed

Confidentiality

High

Integrity

High

Availability

Low

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 21:55 vuln.today

PoC Detected

Mar 03, 2026 - 19:13 vuln.today

Public exploit code

Patch Released

Mar 03, 2026 - 19:13 nvd

Patch available

CVE Published

Mar 02, 2026 - 15:16 nvd

HIGH 8.3

Description

Chamilo is a learning management system. Prior to version 1.11.30, a Stored XSS vulnerability exists in the glossary function, enabling all users with the Teachers role to inject JavaScript malicious code against the administrator. This issue has been patched in version 1.11.30.

Analysis

Technical Context

Classified as CWE-79 (Cross-site Scripting (XSS)). Affects the glossary component of Chamilo Lms. Chamilo is a learning management system. Prior to version 1.11.30, a Stored XSS vulnerability exists in the glossary function, enabling all users with the Teachers role to inject JavaScript malicious code against the administrator. This issue has been patched in version 1.11.30.

Affected Products

Vendor: Chamilo. Product: Chamilo Lms. Versions: up to 1.11.30. Component: glossary.

Remediation

A vendor patch is available — apply it immediately. Fixed in version 1.11.30.. Implement output encoding and Content Security Policy headers. Restrict network access to the affected service where possible.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.1

CVSS: +42

POC: +20

CVE-2025-52482 vulnerability details – vuln.today

Back

CVE-2025-52482

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

CVE-2025-52482

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

External POC / Exploit Code