
Open Redirect CVE-2025-66447

EUVD ID: EUVD-2025-209408 | NVD severity: NONE
URL Redirection to Untrusted Site (Open Redirect) (CWE-601)
Published 2026-04-10 (CNA: GitHub_M)

CVSS Vector (NVD)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: None

As published, this vector sets all three impact metrics to None, which yields a CVSS 3.1 base score of 0.0, and it also rates User Interaction as None even though a phishing redirect only does harm once a victim follows the crafted link. Treat the vector as the record of what NVD published and judge exposure from the description and analysis below rather than from the score.

Lifecycle Timeline

Patch available: Apr 16, 2026 - 05:29 (EUVD), fixed version 2.0.0-RC.3
EUVD ID Assigned: Apr 10, 2026 - 18:00 (euvd), EUVD-2025-209408
Analysis Generated: Apr 10, 2026 - 18:00 (vuln.today)
CVE Published: Apr 10, 2026 - 17:22 (nvd), severity NONE

Description (NVD)

Chamilo LMS is a learning management system. From 1.11.0 to 2.0-beta.1, anyone can trigger a malicious redirect through the use of the redirect parameter to /login. This vulnerability is fixed in 2.0-beta.2.

Analysis (AI)

An open redirect in the Chamilo LMS login endpoint lets unauthenticated remote attackers send users to arbitrary external websites through the redirect parameter of /login. Versions 1.11.0 through 2.0-beta.1 are affected; the issue was patched in 2.0-beta.2 and later releases. No public exploit code or active exploitation has been confirmed, but the attack needs neither authentication nor any special setup: a crafted link to /login on a trusted Chamilo host that lands the victim on an attacker-controlled page is the classic building block of a phishing campaign.

Technical Context (AI)

Chamilo LMS is an open-source learning management system. The vulnerability sits in the login functionality at the /login endpoint, in the handling of the redirect parameter (CWE-601: URL Redirection to Untrusted Site). In the affected versions (1.11.0 to 2.0-beta.1) the value of that parameter is used to build the server-side redirect without being validated against an allowlist or restricted to same-site paths, so an absolute URL supplied by the attacker becomes the redirect target. This is a textbook open redirect: user-supplied input flows directly into HTTP redirection logic. The CPE prefix cpe:2.3:a:chamilo:chamilo-lms covers the product across all platforms and configurations, so any deployment within the vulnerable version range should be treated as affected.
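The unchecked pattern described above beside a hardened redirect-target check, as an added example written for this page in Python (Chamilo itself is PHP; this is neither the project's code nor its actual fix). APP_HOST, the function names and the sample inputs are assumptions made for the example. The hardened version goes a little beyond the specific case in the text: it also handles protocol-relative values, backslash variants, embedded control characters and userinfo tricks, which are the usual ways a plain "does it start with a slash" check gets bypassed.

```python
from urllib.parse import urlsplit, urlunsplit

# Hypothetical host of the LMS deployment; constructed for this example.
APP_HOST = "lms.example.edu"


def vulnerable_redirect_target(redirect_param: str) -> str:
    """The pattern the advisory describes (CWE-601): the request parameter
    becomes the redirect target as-is, so any absolute URL is honoured."""
    return redirect_param or "/"


def safe_redirect_target(redirect_param: str, default: str = "/") -> str:
    """Return a redirect target that stays on APP_HOST.

    The value is assumed to have been percent-decoded once by the web
    framework. Accepted: a path starting with a single '/', or an http(s)
    URL whose host is exactly APP_HOST (reduced to its path). Everything
    else is replaced by `default`: scheme-bearing values (https://,
    javascript:), protocol-relative '//host' with any number of slashes,
    backslash variants '/\\host' (browsers read the backslash as '/'),
    values containing control characters (browsers strip tabs and newlines,
    so '/\\t/host' would become '//host'), and userinfo tricks such as
    'https://APP_HOST@evil'.
    """
    if not redirect_param:
        return default
    candidate = redirect_param.strip()
    if any(ord(ch) < 0x20 or ch == "\x7f" for ch in candidate):
        return default
    candidate = candidate.replace("\\", "/")
    if candidate.startswith("//"):
        return default
    parts = urlsplit(candidate)
    if parts.scheme or parts.netloc:
        # Absolute URL: keep only http(s) to our own host, and re-emit it as a
        # same-site path so no attacker-influenced authority reaches Location.
        if parts.scheme in ("http", "https") and parts.hostname == APP_HOST:
            return urlunsplit(("", "", parts.path or "/", parts.query, parts.fragment))
        return default
    # Relative value: require a leading '/' (bare 'courses' is rejected too).
    if not parts.path.startswith("/"):
        return default
    return urlunsplit(("", "", parts.path, parts.query, parts.fragment))


def login_response(redirect_param: str) -> dict:
    """Minimal stand-in for a login handler's 302 after authentication,
    built on the hardened validator (not Chamilo's handler)."""
    return {"status": 302, "Location": safe_redirect_target(redirect_param)}
```

The design choice worth noting is that the hardened function never copies a host name into the Location header, even when the supplied URL does point at APP_HOST: it reduces same-site absolute URLs to their path, so the comparison against APP_HOST is the only place a host is ever inspected.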

Remediation (AI)

Vendor-released patch: upgrade to Chamilo LMS 2.0-beta.2 or later; EUVD (ENISA) lists 2.0.0-RC.3 as the patched version. The upstream fix is commit 73ae6293adaa6098374bc22625342dbae5cbc446, which adds validation of the redirect parameter. Organizations that cannot upgrade immediately should add a compensating control in front of the application, for example a reverse-proxy or WAF rule that rejects requests to /login whose redirect parameter contains a URL scheme or a protocol-relative prefix (//), so that only same-site paths reach the application. After upgrading or deploying such a rule, confirm the result by requesting /login with a redirect value that points at an external host and checking, without following redirects, that the response's Location header no longer points off-site. Refer to the GitHub security advisory at https://github.com/chamilo/chamilo-lms/security/advisories/GHSA-m82x-prv3-rwwv and the fix commit at https://github.com/chamilo/chamilo-lms/commit/73ae6293adaa6098374bc22625342dbae5cbc446 for implementation details.
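To look for attempts against this endpoint in your own access logs (the analysis above says no exploitation has been confirmed, which says nothing about a particular instance), an added example in the same Python as above, not from the page or the project: it parses combined-format access-log lines, extracts the redirect parameter from requests to /login and flags values that would leave the site, which is the same classification a proxy or WAF rule would apply. The log lines, IP addresses and host names are constructed for the example; only the /login path and the redirect parameter come from the advisory.

```python
import re
from collections import Counter
from urllib.parse import parse_qs, urlsplit

# Constructed sample lines in combined log format; not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Apr/2026:17:30:01 +0000] "GET /login?redirect=%2Fmain%2Fcourse%2Findex.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Apr/2026:17:31:15 +0000] "GET /login?redirect=https%3A%2F%2Fattacker.example%2Fsso HTTP/1.1" 302 0 "-" "curl/8.0"
198.51.100.7 - - [10/Apr/2026:17:31:16 +0000] "GET /login?redirect=%2F%2Fattacker.example%2F HTTP/1.1" 302 0 "-" "curl/8.0"
203.0.113.9 - - [10/Apr/2026:17:32:40 +0000] "GET /login?redirect=%2F%5Cattacker.example HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Apr/2026:17:33:02 +0000] "GET /main/index.php HTTP/1.1" 200 1234 "-" "Mozilla/5.0"
"""

# Client IP, timestamp, request line and status of a combined-format entry.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<uri>\S+) \S+" (?P<status>\d{3})'
)


def redirect_leaves_site(value: str) -> bool:
    """True when a (percent-decoded) redirect value would send the browser
    to another origin: it carries a scheme, or an authority via '//' or
    the backslash variant that browsers normalise to '/'."""
    parts = urlsplit(value.strip().replace("\\", "/"))
    return bool(parts.scheme or parts.netloc)


def find_open_redirect_attempts(log_text: str) -> list:
    """Return one record per /login request whose redirect parameter points
    off-site. The request is flagged on the parameter alone: the access log
    does not carry the Location header, so the status code says only that a
    redirect was issued, not where to."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        uri = urlsplit(m["uri"])
        if uri.path != "/login":
            continue
        # parse_qs percent-decodes once, the same as the application would.
        for value in parse_qs(uri.query).get("redirect", []):
            if redirect_leaves_site(value):
                hits.append({"ip": m["ip"], "ts": m["ts"],
                             "status": int(m["status"]), "redirect": value})
    return hits


def attempts_by_source(log_text: str) -> Counter:
    """Count flagged requests per client IP, for triage or blocking."""
    return Counter(hit["ip"] for hit in find_open_redirect_attempts(log_text))


if __name__ == "__main__":
    for hit in find_open_redirect_attempts(SAMPLE_LOG):
        print(hit["ts"], hit["ip"], hit["status"], hit["redirect"])
    print(attempts_by_source(SAMPLE_LOG))
```

A 302 on a flagged request from a version inside the affected range means the server honoured the external target; on a patched version the same request should no longer produce an off-site Location, which the check described in the remediation text verifies directly.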


CVE-2025-66447 vulnerability details – vuln.today
