CVE-2025-52468 is a stored cross-site scripting (XSS) vulnerability identified in the Chamilo learning management system (LMS) prior to version 1.11.30. The vulnerability stems from improper neutralization of input during web page generation, specifically when importing user data from CSV files. The affected fields include Last Name, First Name, and Username, where insufficient sanitization allows attackers to embed malicious JavaScript payloads. When a user profile containing such injected data is viewed, the payload executes within the context of the authenticated user's browser session. This can lead to session hijacking, credential theft, unauthorized actions on behalf of the user, and potentially full system compromise depending on user privileges. The vulnerability is remotely exploitable without authentication (AV:N, PR:N) but requires user interaction (UI:R) to trigger the malicious script. The CVSS v3.1 base score is 8.8, reflecting high impact on confidentiality, integrity, and availability. The flaw was addressed and patched in Chamilo LMS version 1.11.30 by implementing proper input validation and output encoding to neutralize malicious scripts. No public exploits have been reported to date, but the vulnerability poses a significant risk to organizations using affected versions, especially those with many users and sensitive data.

The impact of CVE-2025-52468 is substantial for organizations using vulnerable Chamilo LMS versions. Successful exploitation allows attackers to execute arbitrary scripts in the context of authenticated users, leading to session hijacking, theft of sensitive information such as credentials or personal data, and unauthorized actions within the LMS. This can compromise the integrity of educational content, user data confidentiality, and availability of LMS services if attackers escalate privileges or deploy further payloads. Educational institutions, corporate training environments, and any organizations relying on Chamilo LMS for critical learning functions face risks of data breaches, reputational damage, and operational disruption. Since the vulnerability is triggered via user profile views, attackers can target high-privilege accounts to maximize damage. The ease of exploitation combined with the widespread use of Chamilo LMS in various countries amplifies the threat landscape.

To mitigate CVE-2025-52468, organizations should immediately upgrade Chamilo LMS to version 1.11.30 or later, where the vulnerability is patched. In addition, implement strict input validation and sanitization controls on all user-supplied data, especially when importing from CSV files or other bulk data sources. Employ output encoding techniques to neutralize any potentially malicious scripts before rendering user profile data in web pages. Restrict CSV import permissions to trusted administrators to reduce risk of malicious data injection. Enable Content Security Policy (CSP) headers to limit script execution sources and reduce impact of potential XSS payloads. Conduct regular security audits and penetration testing focused on input handling and stored XSS vectors. Educate users to be cautious when viewing profiles and report suspicious behavior. Monitor logs for unusual activities related to user profile views and CSV imports. Finally, maintain an incident response plan to quickly address any exploitation attempts.