LeakyCreds
NewInstant webhook alerts now available ā€” notified within seconds of any credential detection.Learn more ā†’
Home / Vulnerability Intelligence / CVE-2025-50199

CVE-2025-50199 - Vulnerability Analysis

CriticalCVSS: 9.1

Last Updated: March 3, 2026

Chamilo - Server Side Request Forgery

Published: March 2, 2026Updated: March 3, 2026PoC AvailableRemote Exploitable

Overview

Chamilo < 1.11.30 contains a server side request forgery caused by blind SSRF in /index.php via the POST openid_url parameter, letting remote attackers make arbitrary requests, exploit requires crafted POST request.

Severity & Score

Severity: Critical
CVSS Score: 9.1
EPSS Score: 4.6%(Probability of exploitation in next 30 days)

Impact

Remote attackers can make arbitrary requests from the server, potentially accessing internal resources or causing other impacts.

Mitigation

Upgrade to version 1.11.30 or later.

References

Social Media Activity(1 post)

TheHackerWire
TheHackerWire
@thehackerwire
Mar 4, 2026

šŸ”“ CVE-2025-50199 - Critical (9.1) Chamilo is a learning management system. Prior to version 1.11.30, there is a blind SSRF vulnerability in /index.php via the POST openid_url parameter. This issue has been patched in version 1.11.30. šŸ”— https://www.thehackerwire.com/vulnerability/CVE-2025-50199/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

Related Resources

Details

CVE ID
CVE-2025-50199
Severity
Critical
CVSS Score
9.1
Type
server_side_request_forgery
Status
confirmed
EPSS
4.6%
Social Posts
1

CWE

  • CWE-918

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

EPSS Score

4.6%Probability of exploitation in the next 30 days