Home / Vulnerability Intelligence / CVE-2025-59542

CVE-2025-59542 - Vulnerability Analysis

CriticalCVSS: 9.0

Last Updated: March 9, 2026

Chamilo - Stored XSS

Published: March 6, 2026Updated: March 9, 2026Remote Exploitable

Overview

Chamilo < 1.11.34 contains a stored cross-site scripting caused by injection of malicious JavaScript in the course learning path Settings field, letting low-privileged attackers execute arbitrary JavaScript in other users' contexts, exploit requires low-privileged account.

Severity & Score

Severity: Critical

CVSS Score: 9.0

EPSS Score: 4.1%(Probability of exploitation in next 30 days)

Impact

Attackers can execute arbitrary JavaScript in other users' sessions, leading to session hijacking and account takeover.

Mitigation

Update to version 1.11.34 or later.

References

Social Media Activity(1 post)

TheHackerWire

@thehackerwire

Mar 6, 2026

🔴 CVE-2025-59542 - Critical (9) Chamilo is a learning management system. Prior to version 1.11.34, there is a stored cross-site scripting (XSS) vulnerability. By injecting malicious JavaScript into the course learning path Settings field, an attacker with a low-privileged accoun... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-59542/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

Related Resources

Details

CVE ID: CVE-2025-59542
Severity: Critical
CVSS Score: 9.0
Type: stored_xss
Status: unconfirmed
EPSS: 4.1%
Social Posts: 1

CWE

CWE-79

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

EPSS Score

4.1%Probability of exploitation in the next 30 days