Home / Vulnerability Intelligence / CVE-2025-52468

CVE-2025-52468 - Vulnerability Analysis

HighCVSS: 8.8

Last Updated: March 3, 2026

Chamilo - Stored XSS

Published: March 2, 2026Updated: March 3, 2026PoC AvailableRemote Exploitable

Overview

Chamilo < 1.11.30 contains a stored XSS caused by insufficient sanitization of user data in "Last Name", "First Name", and "Username" fields during CSV import, letting attackers execute scripts in authenticated user context, exploit requires user profile view.

Severity & Score

Severity: High

CVSS Score: 8.8

EPSS Score: 4.5%(Probability of exploitation in next 30 days)

Impact

Attackers can execute malicious scripts in authenticated users' browsers, potentially stealing data or performing actions on their behalf.

Mitigation

Update to version 1.11.30 or later.

References

Social Media Activity(1 post)

TheHackerWire

@thehackerwire

Mar 2, 2026

🟠 CVE-2025-52468 - High (8.8) Chamilo is a learning management system. Prior to version 1.11.30, an input validation vulnerability exists when importing user data from CSV files. This flaw occurs due to insufficient sanitization of user data, specifically in the "Last Name", "... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-52468/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

Related Resources

Details

CVE ID: CVE-2025-52468
Severity: High
CVSS Score: 8.8
Type: stored_xss
Status: confirmed
EPSS: 4.5%
Social Posts: 1

CWE

CWE-79

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS Score

4.5%Probability of exploitation in the next 30 days