CVE-2025-55208 is a stored cross-site scripting (XSS) vulnerability classified under CWE-79 affecting Chamilo LMS, an open-source learning management system widely used in educational and training environments. The vulnerability exists in versions prior to 1.11.34 and is triggered through insecure file upload handling within the Social Networks feature. Specifically, the system fails to properly sanitize or neutralize input during web page generation, allowing malicious scripts embedded in uploaded files to be stored and later executed in the context of an administrator's inbox. This stored XSS enables a low-privilege user to inject and execute arbitrary JavaScript code when the admin views the inbox, effectively allowing session hijacking, credential theft, or complete administrative account takeover. The vulnerability is remotely exploitable over the network without requiring elevated privileges beyond a low-privilege user account, though it does require user interaction (the admin must view the malicious content). The CVSS v3.1 base score of 9.1 indicates critical severity, with attack vector network (AV:N), low attack complexity (AC:L), privileges required low (PR:L), user interaction required (UI:R), scope changed (S:C), and high impact on confidentiality, integrity, and availability (C:H/I:H/A:H). No known exploits are currently reported in the wild, but the potential impact is severe. The issue was reserved in August 2025 and published in March 2026, with the fix incorporated in Chamilo LMS version 1.11.34. Organizations running vulnerable versions should urgently upgrade to mitigate risk.

The impact of CVE-2025-55208 is severe for organizations using Chamilo LMS versions prior to 1.11.34. Exploitation allows a low-privilege user to execute arbitrary code in the context of an administrator, leading to full administrative account compromise. This can result in unauthorized access to sensitive educational data, manipulation or deletion of course content, disruption of learning services, and potential lateral movement within the organization's network. The compromise of admin credentials could also facilitate further attacks such as data exfiltration, ransomware deployment, or persistent backdoors. Given the critical role of LMS platforms in educational institutions, corporate training, and certification bodies, the availability and integrity of these systems are paramount. The vulnerability's network accessibility and low complexity of exploitation increase the likelihood of targeted attacks, especially in environments with multiple user roles and social networking features enabled. The absence of known exploits in the wild currently reduces immediate risk but does not diminish the urgency of remediation.

To mitigate CVE-2025-55208, organizations should immediately upgrade Chamilo LMS to version 1.11.34 or later, where the vulnerability is patched. If immediate upgrading is not feasible, implement strict input validation and sanitization on file uploads within the Social Networks feature to prevent malicious script injection. Disable or restrict the Social Networks module temporarily to reduce attack surface. Employ Content Security Policy (CSP) headers to limit the execution of unauthorized scripts in the admin interface. Monitor admin inbox activity for unusual behavior or unexpected script execution. Enforce least privilege principles to limit the number of users with admin access and regularly audit user roles. Additionally, educate administrators to be cautious when interacting with user-generated content. Network segmentation and web application firewalls (WAF) with custom rules to detect and block XSS payloads can provide additional layers of defense. Regularly review Chamilo LMS security advisories for updates.