CVE-2025-52468 is a stored cross-site scripting vulnerability identified in Chamilo LMS, a popular open-source learning management system. The vulnerability exists in versions prior to 1.11.30 due to insufficient sanitization of user input fields—specifically the Last Name, First Name, and Username fields—when importing user data from CSV files. This improper neutralization of input (CWE-79) allows an attacker to embed malicious JavaScript payloads within these fields. When a legitimate user views the compromised user profile, the malicious script executes in their browser context, potentially enabling session hijacking, credential theft, or unauthorized actions on behalf of the user. The vulnerability does not require any authentication or privileges to inject the payload, but user interaction is necessary to trigger the exploit. The CVSS v3.1 base score is 8.8, reflecting its high impact on confidentiality, integrity, and availability, combined with low attack complexity and no required privileges. Although no exploits have been reported in the wild, the vulnerability poses a significant risk to organizations using affected versions of Chamilo LMS. The issue has been addressed and patched in version 1.11.30, which properly sanitizes input fields during CSV import to prevent script injection.

The impact of CVE-2025-52468 is substantial for organizations using Chamilo LMS versions prior to 1.11.30. Successful exploitation can lead to execution of arbitrary scripts in the context of authenticated users, compromising user sessions and potentially exposing sensitive educational data. Attackers could steal credentials, perform actions on behalf of users, or spread malware within the LMS environment. This can disrupt learning activities, damage institutional reputation, and lead to regulatory compliance issues related to data protection. The vulnerability affects confidentiality by exposing user data, integrity by allowing unauthorized actions, and availability if attackers leverage the exploit to disrupt LMS services. Given Chamilo's widespread adoption in educational institutions worldwide, the threat can impact a broad range of organizations, from universities to training providers, increasing the risk of large-scale data breaches or targeted attacks on education sectors.

To mitigate CVE-2025-52468, organizations should immediately upgrade Chamilo LMS to version 1.11.30 or later, where the vulnerability is patched. Until upgrading, restrict CSV import functionality to trusted administrators and validate all imported data manually to detect suspicious input. Implement web application firewalls (WAFs) with rules to detect and block common XSS payloads targeting user profile fields. Employ Content Security Policy (CSP) headers to limit script execution sources and reduce the impact of potential XSS attacks. Conduct regular security audits and penetration testing focused on input validation and user data handling. Educate LMS users and administrators about the risks of XSS and encourage cautious behavior when interacting with user-generated content. Finally, monitor LMS logs for unusual activities that may indicate exploitation attempts.