Home / Vulnerability Intelligence / CVE-2025-52998

CVE-2025-52998 - Vulnerability Analysis

CriticalCVSS: 9.8

Last Updated: March 3, 2026

Chamilo - Insecure Deserialization

Published: March 2, 2026Updated: March 3, 2026Remote Exploitable

Overview

Chamilo < 1.11.30 contains an insecure deserialization vulnerability caused by deserialization of untrusted data, letting attackers create arbitrary objects and modify application logic, exploit requires crafted data input.

Severity & Score

Severity: Critical

CVSS Score: 9.8

EPSS Score: 10.3%(Probability of exploitation in next 30 days)

Impact

Attackers can modify application logic, potentially leading to remote code execution or privilege escalation.

Mitigation

Update to version 1.11.30 or later.

References

Social Media Activity(1 post)

TheHackerWire

@thehackerwire

Mar 3, 2026

🔴 CVE-2025-52998 - Critical (9.8) Chamilo is a learning management system. Prior to version 1.11.30, in the application, deserialization of data is performed, the data can be spoofed. An attacker can create objects of arbitrary classes, as well as fully control their properties, a... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-52998/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

Related Resources

Details

CVE ID: CVE-2025-52998
Severity: Critical
CVSS Score: 9.8
Type: insecure_deserialization
Status: confirmed
EPSS: 10.3%
Social Posts: 1

CWE

CWE-502

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score

10.3%Probability of exploitation in the next 30 days