What is the CVSS score of CVE-2025-52482?

CVE-2025-52482 has a CVSS 3.1 base score of 8.3 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:L. EPSS exploitation probability: 0.1%.

Which versions of Chamilo Lms are affected by CVE-2025-52482?

A stored cross-site scripting vulnerability in Chamilo LMS versions prior to 1.11.30 allows teachers to inject malicious code that executes when administrators access the glossary function,…. A patch is available.

Is there a public PoC exploit available for CVE-2025-52482?

Yes, a public proof-of-concept exploit is available for CVE-2025-52482. Prioritise patching immediately. EPSS: 0.1%.

How to fix or mitigate CVE-2025-52482?

Within 24 hours: Identify all Chamilo instances and verify current versions; restrict glossary feature access to administrators only if possible. Within 7 days: Apply vendor patch to upgrade all Chamilo installations to version 1.11.30 or later; conduct post-patch testing. Within 30 days: Audit glossary entries for malicious content; review administrator account activity logs for unauthorized access during the vulnerability window; conduct security awareness training for teachers on acceptable use policies.

Chamilo Lms CVE-2025-52482

HIGH

Cross-site Scripting (XSS) (CWE-79)

2026-03-02 security-advisories@github.com

XSS Chamilo Lms

8.3

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:L

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

Required

Scope

Changed

Confidentiality

High

Integrity

High

Availability

Low

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 21:55 vuln.today

PoC Detected

Mar 03, 2026 - 19:13 vuln.today

Public exploit code

Patch released

Mar 03, 2026 - 19:13 nvd

Patch available

CVE Published

Mar 02, 2026 - 15:16 nvd

HIGH 8.3

DescriptionNVD

Chamilo is a learning management system. Prior to version 1.11.30, a Stored XSS vulnerability exists in the glossary function, enabling all users with the Teachers role to inject JavaScript malicious code against the administrator. This issue has been patched in version 1.11.30.

AnalysisAI

Technical ContextAI

Classified as CWE-79 (Cross-site Scripting (XSS)). Affects the glossary component of Chamilo Lms. Chamilo is a learning management system. Prior to version 1.11.30, a Stored XSS vulnerability exists in the glossary function, enabling all users with the Teachers role to inject JavaScript malicious code against the administrator. This issue has been patched in version 1.11.30.

RemediationAI

A vendor patch is available — apply it immediately. Fixed in version 1.11.30.. Implement output encoding and Content Security Policy headers. Restrict network access to the affected service where possible.

CVE-2025-52482 vulnerability details – vuln.today

Back

Chamilo Lms CVE-2025-52482

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Technical ContextAI

RemediationAI

Share

External POC / Exploit Code