Vulnerability Description
Chamilo is a learning management system. Prior to version 1.11.30, the application deserializes data that can be spoofed. An attacker can create objects of arbitrary classes and fully control their properties, and thus modify the logic of the web application's operation. This issue has been patched in version 1.11.30.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Chamilo | Chamilo Lms | < 1.11.30 |
Related Weaknesses (CWE)
References
- https://github.com/chamilo/chamilo-lms/commit/ba7e15d8cfefcd451de939e98d461b17e7 (Patch)
- https://github.com/chamilo/chamilo-lms/releases/tag/v1.11.30 (Product, Release Notes)
- https://github.com/chamilo/chamilo-lms/security/advisories/GHSA-6mwg-2mw5-rx5v (Patch, Vendor Advisory)
FAQ
What is CVE-2025-52998?
CVE-2025-52998 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Chamilo is a learning management system. Prior to version 1.11.30, the application deserializes data that can be spoofed. An attacker can create objects of arbitrary classe...
How severe is CVE-2025-52998?
CVE-2025-52998 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2025-52998?
Check the references section above for vendor advisories and patch information. Affected products include: Chamilo Chamilo Lms.