CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
Description
Chamilo LMS is a learning management system. From 1.11.0 to 2.0-beta.1, anyone can trigger a malicious redirect through the use of the redirect parameter to /login. This vulnerability is fixed in 2.0-beta.2.
Analysis
Open redirect (CWE-601) in the Chamilo LMS /login endpoint: an unauthenticated remote attacker can craft a login URL whose redirect parameter sends the victim to an arbitrary external site once the link is followed, affecting versions 1.11.0 through 2.0-beta.1. The issue was patched in 2.0-beta.2 and subsequent releases. No public exploit code or active exploitation has been confirmed, but the attack requires no authentication and no complexity beyond getting a user to follow a link, so it could be weaponized for phishing: the link carries the trusted LMS hostname, and the victim lands on an attacker-controlled page that can mimic the login form.
Technical Context
Chamilo LMS is an open-source learning management system. The vulnerability resides in the login functionality at the /login endpoint, specifically in improper validation of the redirect parameter (CWE-601: URL Redirection to Untrusted Site). Affected versions (1.11.0 to 2.0-beta.1) use the parameter as the target of the server-side redirect without checking that it stays on the application's own origin, so an absolute URL to another host is accepted as-is. This is a classic open redirect: user-supplied input reaches the Location header with no allowlist and no origin check. The CPE identifier cpe:2.3:a:chamilo:chamilo-lms covers the product across all platforms and configurations within the vulnerable version range.
Affected Products
Chamilo LMS versions 1.11.0 through 2.0-beta.1 are affected per the GitHub security advisory (GHSA-m82x-prv3-rwwv). ENISA's entry gives a wider range, listing chamilo-lms 1.11.0 and all versions below 2.0.0-RC.3 as affected; the two sources agree on the lower bound but differ on where the fix first ships, so assume the wider range until the upstream advisory is reconciled. The CPE cpe:2.3:a:chamilo:chamilo-lms:*:*:*:*:*:*:*:* is a wildcard match on the product, so any deployment in the 1.11.x branch or on an early 2.0 beta should be considered at risk. Consult the GitHub security advisory for complete version mapping.
Remediation
Vendor-released patch: upgrade to Chamilo LMS 2.0-beta.2 or later; ENISA lists 2.0.0-RC.3 and beyond as not affected, so that is the safer target. The upstream fix is in commit 73ae6293adaa6098374bc22625342dbae5cbc446, which validates the redirect parameter before the redirect is issued. Organizations that cannot upgrade immediately can mitigate at the application edge rather than on the network: a reverse proxy or web application firewall rule on /login can drop or strip a redirect value that is an absolute URL, a scheme-relative //host, or a backslash variant of either, allowing only same-origin relative paths. This is not a network-level control, since the request itself is legitimate traffic to the LMS. Searching access logs for /login requests whose redirect value points off-site is a quick way to check whether the flaw has been used against a deployment. Refer to the GitHub security advisory at https://github.com/chamilo/chamilo-lms/security/advisories/GHSA-m82x-prv3-rwwv and the fix commit at https://github.com/chamilo/chamilo-lms/commit/73ae6293adaa6098374bc22625342dbae5cbc446 for implementation details.
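The following is an added example written for this page; it is not Chamilo code and does not reproduce the upstream fix. It shows the CWE-601 pattern from the Technical Context beside a hardened check of the kind the Remediation calls for, and then reuses that check as a hunt over access-log lines. It goes a little beyond the advisory text by rejecting the common allowlist bypasses (scheme-relative //host, backslash variants, userinfo tricks, non-http schemes, embedded control characters). APP_HOST, the function names, and the log lines are all assumptions constructed for the example.

```python
"""Open-redirect check for a login 'redirect' parameter.

Added example, not Chamilo LMS code. APP_HOST, the function names and
SAMPLE_LOG are constructed for illustration.
"""
import re
from urllib.parse import parse_qs, urlsplit

# Hypothetical deployment: the only host the LMS may send users to.
APP_HOST = "lms.example.edu"

# ASCII control characters and whitespace. Some URL parsers strip these
# before resolving, so "\t//evil" or " javascript:" can slip past a naive
# prefix check; safest is to reject the value outright.
_CTRL = re.compile(r"[\x00-\x20\x7f]")


def vulnerable_redirect_target(redirect: str) -> str:
    """The CWE-601 behaviour: the parameter becomes the redirect target as-is."""
    return redirect or "/"


def is_safe_redirect(redirect: str, app_host: str = APP_HOST) -> bool:
    """Return True only if the target stays on the application's origin.

    Rejects absolute URLs to other hosts, scheme-relative //host, backslash
    variants (browsers treat "\\" as "/"), non-http(s) schemes, userinfo
    tricks such as https://lms.example.edu@evil, and control characters.
    """
    if not redirect or _CTRL.search(redirect):
        return False
    # Browsers parse "/\evil.com" as "//evil.com"; normalise before checking.
    candidate = redirect.replace("\\", "/")
    parts = urlsplit(candidate)
    if parts.scheme:
        # Absolute URL: must be http(s) and the whole authority must be ours,
        # which also rules out "user@host" and "host:port" variations.
        if parts.scheme.lower() not in ("http", "https"):
            return False
        return parts.netloc.lower() == app_host.lower()
    # No scheme: "//host" and "///host" are network-path references that
    # leave the origin, so only a single leading "/" is acceptable.
    if candidate.startswith("//"):
        return False
    return candidate.startswith("/")


def safe_redirect_target(redirect: str, fallback: str = "/") -> str:
    """Hardened replacement: fall back to a fixed page on any rejected value."""
    return redirect if is_safe_redirect(redirect) else fallback


# Constructed sample access-log lines (Combined Log Format style, not real traffic).
SAMPLE_LOG = """\
203.0.113.5 - - [10/Oct/2025:09:12:01 +0000] "GET /login?redirect=/main/dashboard HTTP/1.1" 302 -
203.0.113.9 - - [10/Oct/2025:09:12:07 +0000] "GET /login?redirect=https://evil.example/phish HTTP/1.1" 302 -
203.0.113.9 - - [10/Oct/2025:09:12:09 +0000] "GET /login?redirect=%2F%5Cevil.example HTTP/1.1" 302 -
198.51.100.2 - - [10/Oct/2025:09:13:00 +0000] "GET /login?redirect=https://lms.example.edu/course/1 HTTP/1.1" 302 -
"""

_REQ = re.compile(r'"(?:GET|POST) (?P<path>\S+) HTTP/')


def find_external_redirects(log_text: str, app_host: str = APP_HOST) -> list:
    """Return (client_ip, decoded redirect value) for /login requests whose
    redirect parameter would leave the site. parse_qs percent-decodes the
    value, so encoded bypasses such as %2F%5C are evaluated as the browser
    would see them."""
    hits = []
    for line in log_text.splitlines():
        m = _REQ.search(line)
        if not m or not m.group("path").startswith("/login"):
            continue
        query = urlsplit(m.group("path")).query
        for value in parse_qs(query, keep_blank_values=True).get("redirect", []):
            if not is_safe_redirect(value, app_host):
                hits.append((line.split(" ", 1)[0], value))
    return hits


if __name__ == "__main__":
    for ip, value in find_external_redirects(SAMPLE_LOG):
        print(f"off-site redirect from {ip}: {value!r}")
```

The absolute-URL branch compares the full authority, not just the hostname, so a different port or an embedded user@ is rejected along with foreign hosts; loosen that deliberately if the deployment legitimately redirects across ports. The log hunt is the same predicate applied after percent-decoding, which is what the WAF rule in the Remediation has to replicate.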
EUVD-2025-209408