Malicious Redirect Vulnerability in Chamilo LMS Affects Versions 1.11.0 to 2.0-beta.1
CVE-2025-66447

NONE

Key Information:

Vendor

Chamilo

Status
Chamilo-lms
Vendor
CVE Published:
10 April 2026

What is CVE-2025-66447?

Chamilo LMS versions from 1.11.0 to 2.0-beta.1 are susceptible to a vulnerability that allows attackers to execute a malicious redirect by manipulating the redirect parameter during the login process. This exploit may lead to phishing attempts or redirection to malicious sites, compromising user safety. The issue has been addressed in Chamilo LMS version 2.0-beta.2.

Affected Version(s)

chamilo-lms >= 1.11.0, < 2.0.0-RC.3

References

https://github.com/chamilo/chamilo-lms/security/advisorie...
x_refsource_CONFIRM
https://github.com/chamilo/chamilo-lms/commit/73ae6293ada...
x_refsource_MISC

CVSS V3.1

Score:
Severity:
NONE
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.