CVE-2025-55208
📋 TL;DR
This vulnerability allows low-privilege users in Chamilo LMS to upload malicious files containing stored XSS payloads through the Social Networks feature. When an admin user views these files, arbitrary JavaScript executes in their browser context, potentially leading to admin account takeover. All Chamilo installations running versions before 1.11.34 are affected.
💻 Affected Systems
- Chamilo LMS
⚠️ Manual Verification Recommended
The NVD entry for this CVE carries no CPE version ranges, so scanners that rely on NVD data cannot determine automatically whether your system is affected.
Why? The NVD record does not specify which versions are vulnerable. The vendor advisory (GHSA-2vq2-826h-6hp6) states that versions before 1.11.34 are affected, so compare your installed version against that value manually.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete compromise of the Chamilo instance through admin account takeover, leading to data theft, system manipulation, or further attacks on users.
Likely Case
Admin session hijacking leading to unauthorized access to sensitive student data, grade manipulation, or privilege escalation.
If Mitigated
Limited impact with proper input validation and file upload restrictions in place.
🎯 Exploit Status
Exploitation requires authenticated low-privilege user access and admin interaction with malicious content.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.11.34
Vendor Advisory: https://github.com/chamilo/chamilo-lms/security/advisories/GHSA-2vq2-826h-6hp6
Restart Required: No
Instructions:
1. Back up your Chamilo installation and database.
2. Download version 1.11.34 from the official Chamilo repository.
3. Replace the affected files with the patched versions.
4. Clear the application cache if applicable.
🔧 Temporary Workarounds
Disable Social Networks file uploads
- Temporarily disable the file upload functionality of the Social Networks feature
- Modify the Chamilo configuration to restrict file uploads in social.php or related modules
Implement file upload restrictions
- Add server-side file type validation and sanitization (check the content, not only the extension; a .jpg that begins with HTML is still rendered as HTML if served inline)
- Configure the web server so that user-uploaded files are never served as text/html or script: force a download (Content-Disposition: attachment) and send X-Content-Type-Options: nosniff
- Implement Content Security Policy headers
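The gate described above, written out as an added example (not Chamilo's code): reject uploads by active-content extension, then sniff the first bytes for HTML or script markers so that a renamed file is caught too, and build the response headers that keep a file that still slipped through from running in the viewer's origin. The extension set, marker patterns and function names are assumptions chosen for this example.

```python
import re

# Constructed for this example: extensions a browser renders as active content
# when the file is served inline. Extend to match your deployment.
ACTIVE_EXTENSIONS = {"html", "htm", "xhtml", "xht", "shtml", "svg", "js", "mjs", "php", "phtml"}

# Byte patterns that mark HTML or script regardless of the declared file name.
# Deliberately conservative: a false reject of a text file is cheaper than a stored XSS.
_HTML_MARKERS = re.compile(
    rb"<\s*(script|html|body|iframe|svg|object|embed|meta)\b|\bon\w+\s*=|javascript:",
    re.IGNORECASE,
)


def extension_of(filename: str) -> str:
    """Lower-cased final extension, ignoring any directory components."""
    name = filename.replace("\\", "/").rsplit("/", 1)[-1]
    return name.rsplit(".", 1)[-1].lower() if "." in name else ""


def upload_allowed(filename: str, content: bytes) -> tuple[bool, str]:
    """Gate for user-uploaded files: reject by extension, then by content sniffing."""
    ext = extension_of(filename)
    if ext in ACTIVE_EXTENSIONS:
        return False, f"extension .{ext} is active content"
    if _HTML_MARKERS.search(content[:4096]):
        return False, "content looks like HTML/script regardless of its name"
    return True, "ok"


def download_headers(filename: str) -> dict[str, str]:
    """Response headers for serving any user-supplied file: force a download,
    forbid MIME sniffing, and sandbox anything a browser still tries to render."""
    safe_name = re.sub(r"[^A-Za-z0-9._-]", "_", filename.replace("\\", "/").rsplit("/", 1)[-1])
    return {
        "Content-Type": "application/octet-stream",
        "Content-Disposition": f'attachment; filename="{safe_name}"',
        "X-Content-Type-Options": "nosniff",
        "Content-Security-Policy": "sandbox; default-src 'none'",
    }


if __name__ == "__main__":
    # Constructed sample uploads: a real JPEG header, an HTML file, a renamed
    # script, and an SVG with an event handler.
    samples = [
        ("avatar.jpg", b"\xff\xd8\xff\xe0" + bytes(16)),
        ("profile.html", b"<html><script>alert(1)</script></html>"),
        ("photo.JPG", b"GIF89a<script src=//attacker.example/x.js></script>"),
        ("logo.svg", b"<svg onload=alert(1)>"),
    ]
    for name, data in samples:
        print(name, upload_allowed(name, data))
    print(download_headers("my report.pdf"))
```

Apply upload_allowed at the upload handler and download_headers wherever user files are served; the second is the one that matters if you cannot change the upload code, because an attachment with nosniff is not executed even when its content is HTML.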
🧯 If You Can't Patch
- Restrict file upload permissions to trusted users only
- Implement web application firewall rules to detect and block XSS payloads in file uploads
🔍 How to Verify
Check if Vulnerable:
Check the Chamilo version in the administration panel, or read the system_version entry in app/config/configuration.php (the location used by 1.11.x installs)
Check Version:
grep -n "system_version" /path/to/chamilo/app/config/configuration.php
Verify Fix Applied:
Verify that the version is 1.11.34 or later (compare numerically: 1.11.4 sorts after 1.11.34 as a string). Then, as a low-privilege user, upload a file containing a harmless script marker through Social Networks and confirm, as an admin, that it is no longer rendered as HTML.
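The version comparison above, as an added example (not Chamilo's own tooling): extract system_version from the configuration file and compare it as a tuple of integers against 1.11.34. The configuration line format and the file path are assumptions based on the 1.11.x layout; check them against your install.

```python
import re
import sys

# Version that carries the fix, per the vendor advisory on this page.
FIXED_VERSION = (1, 11, 34)

# Assumed layout of a 1.11.x install: app/config/configuration.php holds a line like
#   $_configuration['system_version'] = '1.11.26';
_VERSION_LINE = re.compile(r"\$_configuration\['system_version'\]\s*=\s*['\"]([^'\"]+)['\"]")

# Constructed sample configuration text, used when no file path is given.
SAMPLE_CONFIG = (
    "<?php\n"
    "$_configuration['root_web'] = 'https://lms.example/';\n"
    "$_configuration['system_version'] = '1.11.26';\n"
)


def parse_version(text: str) -> tuple[int, ...]:
    """Numeric dotted prefix as a tuple; '1.11.26-rc1' -> (1, 11, 26)."""
    m = re.match(r"\s*(\d+(?:\.\d+)*)", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in m.group(1).split("."))


def version_from_configuration(config_php: str) -> str:
    """Extract the system_version value from configuration.php text."""
    m = _VERSION_LINE.search(config_php)
    if not m:
        raise ValueError("system_version not found in configuration text")
    return m.group(1)


def is_patched(version: str) -> bool:
    """True when version >= 1.11.34. Tuple comparison avoids the string-compare
    trap where '1.11.4' > '1.11.34'. Only meaningful for the 1.11 branch."""
    return parse_version(version) >= FIXED_VERSION


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as fh:
            config_text = fh.read()
    else:
        config_text = SAMPLE_CONFIG
    found = version_from_configuration(config_text)
    verdict = "patched" if is_patched(found) else "VULNERABLE (update to 1.11.34 or later)"
    print(f"Chamilo {found}: {verdict}")
```

Run it with the path to your configuration.php as the only argument; without an argument it evaluates the constructed sample, which reports as vulnerable.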
📡 Detection & Monitoring
Log Indicators:
- Unusual file uploads with .html/.htm/.js extensions
- Multiple failed upload attempts with suspicious filenames
- Admin account login from unexpected locations
Network Indicators:
- HTTP POST requests to social network upload endpoints with script tags
- Unusual outbound connections from admin sessions
SIEM Query:
source="web_logs" AND http_method="POST" AND (uri_path="/main/social/*" OR uri_path="/main/upload/*") AND (file_extension="html" OR file_extension="htm" OR file_extension="js")
Field names follow a Splunk-style schema and the upload endpoints sit below the listed prefixes, so match them with wildcards rather than exact paths; adjust both to your log source.
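The same detection logic run over constructed access-log lines, as an added example that is not part of this page's tooling: parse combined-format lines, keep POSTs under the monitored prefixes, pull every place a file name can appear in the request target, and normalise case and percent-encoding before checking the extension. The endpoint paths, the query parameter names and the log lines are all placeholders constructed for the example, not Chamilo's real endpoints.

```python
import re
from urllib.parse import unquote_plus

# Constructed sample web-server access log (combined format). Paths and query
# parameters are placeholders chosen to sit below the prefixes in the SIEM query,
# not Chamilo's real endpoints.
SAMPLE_LOG = """\
10.0.0.5 - - [01/Sep/2025:10:02:11 +0000] "POST /main/social/profile.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
10.0.0.7 - - [01/Sep/2025:10:03:40 +0000] "POST /main/upload/upload.php?name=profile.html HTTP/1.1" 200 88 "-" "Mozilla/5.0"
10.0.0.7 - - [01/Sep/2025:10:03:52 +0000] "GET /main/social/home.php HTTP/1.1" 200 9001 "-" "Mozilla/5.0"
10.0.0.9 - - [01/Sep/2025:10:05:01 +0000] "POST /main/upload/upload.php?name=notes%2ESVG HTTP/1.1" 200 77 "-" "Mozilla/5.0"
10.0.0.9 - - [01/Sep/2025:10:05:30 +0000] "POST /main/social/avatar.php?file=me.jpg HTTP/1.1" 200 61 "-" "Mozilla/5.0"
10.0.0.11 - - [01/Sep/2025:10:07:15 +0000] "POST /main/upload/upload.php?name=cv.pdf.htm HTTP/1.1" 200 80 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
MONITORED_PREFIXES = ("/main/social/", "/main/upload/")   # from the SIEM query on this page
ACTIVE_EXTENSIONS = {"html", "htm", "xhtml", "svg", "js", "mjs"}
FILENAME_PARAMS = ("name", "file", "filename")             # assumed parameter names


def candidate_filenames(target: str) -> list[str]:
    """Every place a file name can hide in the request target: the last path
    segment plus any of the assumed upload parameters, percent-decoded."""
    path, _, query = target.partition("?")
    names = [unquote_plus(path.rsplit("/", 1)[-1])]
    for pair in (query.split("&") if query else []):
        key, _, value = pair.partition("=")
        if key in FILENAME_PARAMS:
            names.append(unquote_plus(value))
    return names


def extension_of(name: str) -> str:
    return name.rsplit(".", 1)[-1].lower() if "." in name else ""


def suspicious_uploads(log_text: str) -> list[dict]:
    """Flag POSTs to monitored paths whose file name carries an active-content
    extension; 'notes%2ESVG' is caught because the name is decoded and lower-cased."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m or m["method"] != "POST" or not m["target"].startswith(MONITORED_PREFIXES):
            continue
        bad = {extension_of(n) for n in candidate_filenames(m["target"])} & ACTIVE_EXTENSIONS
        if bad:
            hits.append({"ip": m["ip"], "ts": m["ts"], "target": m["target"], "ext": sorted(bad)})
    return hits


if __name__ == "__main__":
    for hit in suspicious_uploads(SAMPLE_LOG):
        print(f"{hit['ts']} {hit['ip']} {hit['target']} -> {','.join(hit['ext'])}")
```

Access logs only show the request target, so a file name carried in a multipart body is invisible here; pair this with application-level upload logging or the upload-gate check to cover that case.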