CVE-2025-52482 is a stored cross-site scripting (XSS) vulnerability classified under CWE-79, affecting the Chamilo learning management system (LMS) in versions prior to 1.11.30. The vulnerability resides in the glossary function, where input submitted by users with the Teachers role is not properly sanitized or neutralized before being rendered in web pages. This improper input handling allows these users to inject malicious JavaScript code that is stored persistently and executed in the browsers of administrators who view the glossary entries. The attack vector requires the attacker to have authenticated access with the Teachers role, which is a high privilege level within the LMS. When an administrator accesses the compromised glossary content, the injected script executes with the administrator's privileges, potentially enabling session hijacking, credential theft, privilege escalation, or further compromise of the LMS environment. The vulnerability has a CVSS v3.1 base score of 8.3, reflecting its high impact on confidentiality and integrity, with low attack complexity but requiring high privileges and user interaction. The issue was publicly disclosed and patched in Chamilo LMS version 1.11.30, emphasizing the importance of upgrading to remediate this risk. No known active exploits have been reported in the wild at the time of publication, but the vulnerability's nature makes it a significant threat to organizations relying on Chamilo LMS for educational management.

The impact of CVE-2025-52482 is substantial for organizations using vulnerable versions of Chamilo LMS. Successful exploitation can lead to the compromise of administrator accounts, allowing attackers to gain unauthorized access to sensitive educational data, modify course content, or disrupt LMS operations. The confidentiality of user data, including student records and communications, is at risk due to potential session hijacking or credential theft. Integrity is compromised as attackers can alter LMS content or settings, potentially undermining the trustworthiness of educational materials. Availability impact is lower but still present, as attackers could inject scripts that disrupt normal LMS functionality or cause denial of service conditions. Given the role-based access requirement, the threat is primarily internal or from compromised teacher accounts, but the consequences extend to the entire LMS ecosystem. This vulnerability could also facilitate lateral movement within an organization's network if the LMS is integrated with other systems. Educational institutions and organizations relying on Chamilo LMS for critical training and learning services face operational and reputational risks if this vulnerability is exploited.

To mitigate CVE-2025-52482, organizations should immediately upgrade Chamilo LMS to version 1.11.30 or later, where the vulnerability has been patched. Beyond patching, implement strict input validation and output encoding on all user-generated content, especially in glossary and similar functions, to prevent injection of malicious scripts. Enforce the principle of least privilege by reviewing and limiting the Teachers role permissions to only those necessary for their duties, reducing the risk of abuse. Implement Content Security Policy (CSP) headers to restrict the execution of unauthorized scripts within the LMS web application. Regularly audit user roles and monitor for unusual activity or unauthorized content submissions. Educate administrators and teachers about phishing and social engineering risks that could lead to account compromise. Employ multi-factor authentication (MFA) for all privileged accounts to reduce the risk of credential misuse. Finally, conduct periodic security assessments and code reviews of LMS customizations to identify and remediate similar vulnerabilities proactively.