CVE-2025-52998
- Source
- https://cve.org/CVERecord?id=CVE-2025-52998
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-52998.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2025-52998
- Aliases
-
- GHSA-6mwg-2mw5-rx5v
- Published
- 2026-03-02T15:54:19.738Z
- Modified
- 2026-04-10T05:29:22.971963Z
- Severity
-
- 7.0 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N CVSS Calculator
- Summary
- Chamilo: PHAR deserialization bypass
- Details
-
Chamilo is a learning management system. Prior to version 1.11.30, in the application, deserialization of data is performed, the data can be spoofed. An attacker can create objects of arbitrary classes, as well as fully control their properties, and thus modify the logic of the web application's operation. This issue has been patched in version 1.11.30.
- Database specific
{ "cna_assigner": "GitHub_M", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/52xxx/CVE-2025-52998.json", "cwe_ids": [ "CWE-502" ] }- References
-
- https://github.com/chamilo/chamilo-lms/releases/tag/v1.11.30
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/52xxx/CVE-2025-52998.json
- https://github.com/chamilo/chamilo-lms/security/advisories/GHSA-6mwg-2mw5-rx5v
- https://nvd.nist.gov/vuln/detail/CVE-2025-52998
- https://github.com/chamilo/chamilo-lms/commit/ba7e15d8cfefcd451de939e98d461b17e72eb627
Affected packages
Git / github.com/chamilo/chamilo-lms
Affected ranges
- Type
- GIT
- Repo
- https://github.com/chamilo/chamilo-lms
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
Other
CHAMILO_1_8_7_ALPHA_1
CHAMILO_1_8_7_ALPHA_2
CHAMILO_1_8_7_RC2
CHAMILO_1_8_7_RC_1
CHAMILO_1_8_7_STABLE
CHAMILO_1_8_7_STABLE_BIS
CHAMILO_1_8_8_2_RC_1
CHAMILO_1_8_8_2_STABLE
CHAMILO_1_8_8_2_STABLE_2
CHAMILO_1_8_8_4_STABLE
CHAMILO_1_8_8_ALPHA
CHAMILO_1_8_8_BETA_1
CHAMILO_1_8_8_BETA_2
CHAMILO_1_9_0_ALPHA_1
CHAMILO_1_9_0_ALPHA_2
CHAMILO_1_9_0_ALPHA_4
CHAMILO_1_9_0_PRE_ALPHA
CHAMILO_1_9_0_RC_1
CHAMILO_1_9_0_STABLE_2
CHAMILO_1_9_0_STABLE_3
CHAMILO_1_9_2_STABLE
CHAMILO_1_9_2_STABLE_QUARTER
CHAMILO_1_9_4_ALPHA_1
CHAMILO_1_9_4_RC_1
CHAMILO_1_9_4_STABLE
CHAMILO_1_9_6_RC_1
CHAMILO_1_9_6_RC_2
CHAMILO_1_9_6_STABLE
CHAMILO_1_8_8.*
CHAMILO_1_8_8.3_STABLE_4
v1.*
v1.11.10
v1.11.12
v1.11.14
v1.11.14-beta.1
v1.11.18
v1.11.20
v1.11.20-beta.1
v1.11.22
v1.11.22-beta.1
v1.11.22-beta.2
v1.11.24
v1.11.26
v1.11.26-rc.1
v1.11.28
v1.11.30-rc.1
v1.11.6
v1.11.6-alpha.1
v1.8.6.1
v1.9.8