CVE-2025-52998

CRITICAL SEVERITY

CVSS Score & Metrics

Base Score

9.8 / 10

Vector String

                                        CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H                                    

Vulnerability Description

Chamilo is a learning management system. Prior to version 1.11.30, in the application, deserialization of data is performed, the data can be spoofed. An attacker can create objects of arbitrary classes, as well as fully control their properties, and thus modify the logic of the web application's operation. This issue has been patched in version 1.11.30.

Vulnerability Details

Published Date

March 02, 2026

Last Modified

March 03, 2026

CWE ID

CWE-502

Source

NVD

Vendor

chamilo

Product

chamilo-lms

External References

https://github.com/chamilo/chamilo-lms/commit/ba7e15d8cfefcd451de939e98d461b17e72eb627
https://github.com/chamilo/chamilo-lms/releases/tag/v1.11.30
https://github.com/chamilo/chamilo-lms/security/advisories/GHSA-6mwg-2mw5-rx5v

CVE-2025-52998

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment