CVE-2025-50197 is an OS Command Injection vulnerability identified in the Chamilo Learning Management System (LMS), specifically affecting versions prior to 1.11.30. The vulnerability resides in the /main/admin/sub_language_ajax.inc.php script, where the POST parameter 'new_language' is improperly sanitized, allowing an attacker to inject arbitrary operating system commands. This is classified under CWE-78, indicating improper neutralization of special elements used in OS commands. The vulnerability requires an attacker to have high-level privileges (authenticated with administrative rights) but does not require user interaction, making it exploitable remotely by authorized users. The CVSS 4.0 base score is 7.1 (high), reflecting the network attack vector, low attack complexity, no user interaction, but requiring privileges. The impact includes potential full system compromise, unauthorized command execution, data manipulation, and service disruption. The vulnerability has been patched in Chamilo LMS version 1.11.30, and no public exploits have been reported yet. Given Chamilo's use in educational institutions worldwide, this vulnerability poses a significant risk if left unpatched, especially in environments where administrative access controls are weak or compromised.

The exploitation of this vulnerability can lead to severe consequences for organizations using vulnerable Chamilo LMS versions. Attackers with administrative access can execute arbitrary OS commands, potentially leading to full system compromise, including unauthorized data access, modification, or deletion. This can disrupt educational services, leak sensitive student or institutional data, and damage organizational reputation. The integrity and availability of the LMS can be severely impacted, causing downtime and loss of trust. Since the vulnerability requires privileged authentication, the risk is heightened in scenarios where credential theft or privilege escalation has occurred. Organizations with large deployments of Chamilo LMS, especially in education and government sectors, face increased risk of targeted attacks aiming to disrupt critical learning infrastructures or exfiltrate sensitive information.

To mitigate this vulnerability, organizations should immediately upgrade Chamilo LMS to version 1.11.30 or later, where the issue is patched. Additionally, implement strict access controls to limit administrative privileges only to trusted personnel and enforce strong authentication mechanisms such as multi-factor authentication (MFA). Regularly audit user accounts and permissions to detect and remove unnecessary privileges. Employ network segmentation to isolate LMS servers from broader enterprise networks, reducing exposure. Monitor logs for unusual administrative activity or command execution patterns indicative of exploitation attempts. Consider deploying web application firewalls (WAFs) with custom rules to detect and block suspicious POST requests targeting the 'new_language' parameter. Finally, maintain an incident response plan tailored to LMS environments to quickly respond to potential compromises.