CVE-2025-59541 - Vulnerability Analysis
HighCVSS: 8.1Last Updated: March 6, 2026
Chamilo - Cross-Site Request Forgery
Overview
Chamilo < 1.11.34 contains a cross-site request forgery caused by missing anti-CSRF tokens on project deletion actions, letting attackers trick authenticated trainers into deleting projects without consent, exploit requires user interaction.
Severity & Score
Impact
Attackers can trick authenticated trainers into deleting projects, causing data loss and disruption.
Mitigation
Update to version 1.11.34 or later.
References
Social Media Activity(2 posts)
🟠 CVE-2025-59541 - High (8.1) Chamilo is a learning management system. Prior to version 1.11.34, a Cross-Site Request Forgery (CSRF) vulnerability allows an attacker to delete projects inside a course without the victim’s consent. The issue arises because sensitive actions s... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-59541/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
View original post🟠 CVE-2025-59541 - High (8.1) Chamilo is a learning management system. Prior to version 1.11.34, a Cross-Site Request Forgery (CSRF) vulnerability allows an attacker to delete projects inside a course without the victim’s consent. The issue arises because sensitive actions s... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-59541/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
View original postRelated Resources
Details
- CVE ID
- CVE-2025-59541
- Severity
- High
- CVSS Score
- 8.1
- Type
- cross_site_request_forgery
- Status
- new
- EPSS
- 1.5%
- Social Posts
- 2
CWE
- CWE-352
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H