CVE-2025-59544: CWE-862: Missing Authorization in chamilo chamilo-lms
CVE-2025-59544 is a medium severity vulnerability in Chamilo LMS versions prior to 1. 11. 34 where missing authorization checks allow any user to update the category of any other user by manipulating the 'category_id' parameter. This flaw arises from the lack of proper authorization enforcement on the category update functionality, enabling unauthorized privilege escalation or data manipulation. The vulnerability requires no authentication or user interaction and can be exploited remotely over the network. Although no known exploits are currently reported in the wild, the issue has been patched in version 1. 11. 34. Organizations using affected versions of Chamilo LMS should upgrade immediately to prevent unauthorized modifications that could impact data integrity and user management. Countries with significant Chamilo LMS adoption, especially in education sectors, are at higher risk.
AI Analysis
Technical Summary
Chamilo LMS, an open-source learning management system widely used in educational institutions, contained a missing authorization vulnerability identified as CVE-2025-59544 (CWE-862). Prior to version 1.11.34, the system's functionality allowing users to update the 'category_id' parameter did not implement proper authorization checks. This flaw permits any user, without authentication or privileges, to alter the category assignment of any other user by simply replacing the 'category_id' parameter in the update request. The vulnerability is remotely exploitable over the network without user interaction, making it relatively easy for attackers to manipulate user categorizations. Such unauthorized changes could lead to privilege escalation scenarios, misclassification of users, or disruption of organizational user management policies. The issue was officially published in March 2026 and has been patched in version 1.11.34. The CVSS 4.0 vector indicates no required privileges, no user interaction, and no impact on confidentiality or availability, but a low impact on integrity, resulting in a base score of 6.9 (medium severity). No known exploits have been reported in the wild to date, but the vulnerability poses a significant risk to organizations relying on Chamilo LMS for managing user roles and categories.
Potential Impact
The primary impact of CVE-2025-59544 is on the integrity of user data within Chamilo LMS installations. Unauthorized users can modify the category assignments of other users, potentially leading to unauthorized access to resources, misrepresentation of user roles, or disruption of learning workflows. This could facilitate privilege escalation if categories are linked to access controls or permissions. Although confidentiality and availability are not directly affected, the integrity compromise can undermine trust in the LMS and cause administrative overhead to detect and remediate unauthorized changes. Organizations worldwide using vulnerable versions risk unauthorized internal manipulation, which could affect compliance with data governance policies and educational standards. The ease of exploitation without authentication increases the threat level, especially in publicly accessible LMS deployments.
Mitigation Recommendations
Organizations should immediately upgrade Chamilo LMS to version 1.11.34 or later, where the authorization checks for the 'category_id' parameter have been properly implemented. Until the upgrade is possible, administrators should restrict network access to the LMS to trusted users only, implement web application firewalls (WAFs) with rules to detect and block unauthorized category update attempts, and monitor logs for suspicious category modification activities. Additionally, reviewing user roles and permissions to minimize the impact of unauthorized changes can help. Regular audits of user categories and access controls should be conducted to detect anomalies. Employing multi-factor authentication and network segmentation can further reduce the risk of exploitation. Finally, organizations should stay informed about any emerging exploits targeting this vulnerability.
Affected Countries
United States, France, Brazil, Spain, Mexico, Argentina, Colombia, Peru, Chile, Portugal
CVE-2025-59544: CWE-862: Missing Authorization in chamilo chamilo-lms
Description
CVE-2025-59544 is a medium severity vulnerability in Chamilo LMS versions prior to 1. 11. 34 where missing authorization checks allow any user to update the category of any other user by manipulating the 'category_id' parameter. This flaw arises from the lack of proper authorization enforcement on the category update functionality, enabling unauthorized privilege escalation or data manipulation. The vulnerability requires no authentication or user interaction and can be exploited remotely over the network. Although no known exploits are currently reported in the wild, the issue has been patched in version 1. 11. 34. Organizations using affected versions of Chamilo LMS should upgrade immediately to prevent unauthorized modifications that could impact data integrity and user management. Countries with significant Chamilo LMS adoption, especially in education sectors, are at higher risk.
AI-Powered Analysis
Technical Analysis
Chamilo LMS, an open-source learning management system widely used in educational institutions, contained a missing authorization vulnerability identified as CVE-2025-59544 (CWE-862). Prior to version 1.11.34, the system's functionality allowing users to update the 'category_id' parameter did not implement proper authorization checks. This flaw permits any user, without authentication or privileges, to alter the category assignment of any other user by simply replacing the 'category_id' parameter in the update request. The vulnerability is remotely exploitable over the network without user interaction, making it relatively easy for attackers to manipulate user categorizations. Such unauthorized changes could lead to privilege escalation scenarios, misclassification of users, or disruption of organizational user management policies. The issue was officially published in March 2026 and has been patched in version 1.11.34. The CVSS 4.0 vector indicates no required privileges, no user interaction, and no impact on confidentiality or availability, but a low impact on integrity, resulting in a base score of 6.9 (medium severity). No known exploits have been reported in the wild to date, but the vulnerability poses a significant risk to organizations relying on Chamilo LMS for managing user roles and categories.
Potential Impact
The primary impact of CVE-2025-59544 is on the integrity of user data within Chamilo LMS installations. Unauthorized users can modify the category assignments of other users, potentially leading to unauthorized access to resources, misrepresentation of user roles, or disruption of learning workflows. This could facilitate privilege escalation if categories are linked to access controls or permissions. Although confidentiality and availability are not directly affected, the integrity compromise can undermine trust in the LMS and cause administrative overhead to detect and remediate unauthorized changes. Organizations worldwide using vulnerable versions risk unauthorized internal manipulation, which could affect compliance with data governance policies and educational standards. The ease of exploitation without authentication increases the threat level, especially in publicly accessible LMS deployments.
Mitigation Recommendations
Organizations should immediately upgrade Chamilo LMS to version 1.11.34 or later, where the authorization checks for the 'category_id' parameter have been properly implemented. Until the upgrade is possible, administrators should restrict network access to the LMS to trusted users only, implement web application firewalls (WAFs) with rules to detect and block unauthorized category update attempts, and monitor logs for suspicious category modification activities. Additionally, reviewing user roles and permissions to minimize the impact of unauthorized changes can help. Regular audits of user categories and access controls should be conducted to detect anomalies. Employing multi-factor authentication and network segmentation can further reduce the risk of exploitation. Finally, organizations should stay informed about any emerging exploits targeting this vulnerability.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2025-09-17T17:04:20.374Z
- Cvss Version
- 4.0
- State
- PUBLISHED
Threat ID: 69aa5508c48b3f10fff1d3cb
Added to database: 3/6/2026, 4:16:08 AM
Last enriched: 3/6/2026, 4:31:27 AM
Last updated: 3/6/2026, 6:56:33 AM
Views: 6
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console in Console -> Billing for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.