CSRF Vulnerability in Chamilo Learning Management System Affects Project Deletion
CVE-2025-59541

8.1HIGH

Key Information:

Vendor: Chamilo
Status: Chamilo-lms
Vendor: CVE Published:; 6 March 2026

What is CVE-2025-59541?

A severe Cross-Site Request Forgery (CSRF) vulnerability exists in Chamilo Learning Management System prior to version 1.11.34, allowing attackers to delete course projects. This security flaw arises from the lack of anti-CSRF protections in sensitive actions, such as project deletion, permitting an authenticated user (Trainer) to be exploited through malicious web pages that trigger unwanted actions without consent. To mitigate this risk, users are advised to upgrade to version 1.11.34 or later, where this vulnerability has been addressed.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

chamilo-lms < 1.11.34

References

https://github.com/chamilo/chamilo-lms/security/advisorie...

x_refsource_CONFIRM

https://github.com/chamilo/chamilo-lms/releases/tag/v1.11.34

x_refsource_MISC

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 6, 2026
Vulnerability Reserved
Sep 17, 2025

JSON

Chamilo

What is CVE-2025-59541?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.