Home / Vulnerability Intelligence / CVE-2025-55289

CVE-2025-55289 - Vulnerability Analysis

HighCVSS: 8.8

Last Updated: March 6, 2026

Chamilo LMS - Stored XSS

Published: March 6, 2026Updated: March 6, 2026Remote Exploitable

Overview

Chamilo LMS < 1.11.34 contains a stored XSS caused by improper sanitization in social network and internal messaging features, letting attackers inject JavaScript to execute in authenticated users' browsers, exploit requires victim to be authenticated.

Severity & Score

Severity: High

CVSS Score: 8.8

EPSS Score: 4.7%(Probability of exploitation in next 30 days)

Impact

Attackers can hijack sessions, perform unauthorized actions, and exfiltrate sensitive data via injected scripts in authenticated users' browsers.

Mitigation

Update to version 1.11.34 or later.

References

Social Media Activity(1 post)

TheHackerWire

@thehackerwire

Mar 6, 2026

🟠 CVE-2025-55289 - High (8.8) Chamilo is a learning management system. Prior to version 1.11.34, there is a stored XSS vulnerability in Chamilo LMS (Verison 1.11.32) allows an attacker to inject arbitrary JavaScript into the platform’s social network and internal messaging f... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-55289/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

Related Resources

Details

CVE ID: CVE-2025-55289
Severity: High
CVSS Score: 8.8
Type: stored_xss
Status: new
EPSS: 4.7%
Social Posts: 1

CWE

CWE-79

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score

4.7%Probability of exploitation in the next 30 days