CVE-2025-59541
Received Received - Intake
CSRF Vulnerability in Chamilo Allows Unauthorized Project Deletion

Publication date: 2026-03-06

Last updated on: 2026-03-09

Assigner: GitHub, Inc.

Description
Chamilo is a learning management system. Prior to version 1.11.34, a Cross-Site Request Forgery (CSRF) vulnerability allows an attacker to delete projects inside a course without the victim’s consent. The issue arises because sensitive actions such as project deletion do not implement anti-CSRF protections (tokens) and GET based requests. As a result, an authenticated user (Trainer) can be tricked into executing this unwanted action by simply visiting a malicious page. This issue has been patched in version 1.11.34.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-06
Last Modified
2026-03-09
Generated
2026-06-16
AI Q&A
2026-03-06
EPSS Evaluated
2026-06-15
NVD
CVE-2025-59541
EUVD
EUVD-2025-208339
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
chamilo chamilo_lms to 1.11.34 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-352 The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-59541 is a high-severity Cross-Site Request Forgery (CSRF) vulnerability affecting Chamilo LMS versions 1.11.32 and earlier.

The vulnerability occurs because sensitive actions, such as deleting projects within courses, are performed via GET requests without anti-CSRF protections like CSRF tokens.

As a result, an authenticated user with Trainer or Admin privileges can be tricked into deleting projects by simply visiting a malicious webpage, since the application processes deletion requests based on the victim’s session cookies without validating the request origin.

Impact Analysis

[{'type': 'paragraph', 'content': 'This vulnerability can lead to irreversible loss of important course or project data due to unauthorized deletion.'}, {'type': 'paragraph', 'content': "It can disrupt educational activities in collaborative environments by removing critical projects without the victim's consent."}, {'type': 'paragraph', 'content': 'The integrity and availability of the system are highly impacted, although confidentiality is less affected since no direct data leak occurs.'}] [1]

Compliance Impact

I don't know

Detection Guidance

[{'type': 'paragraph', 'content': 'This vulnerability can be detected by monitoring for GET requests that trigger project deletion actions without proper anti-CSRF protections such as CSRF tokens.'}, {'type': 'paragraph', 'content': 'Since the vulnerability involves sensitive actions performed via GET requests, you can look for unusual or unexpected GET requests to project deletion URLs in your web server logs or application logs.'}, {'type': 'paragraph', 'content': 'Commands to help detect this might include searching web server logs for GET requests to project deletion endpoints. For example, using grep on Apache or Nginx logs:'}, {'type': 'list_item', 'content': "grep 'GET /path/to/project/delete' /var/log/apache2/access.log"}, {'type': 'list_item', 'content': "grep 'GET /path/to/project/delete' /var/log/nginx/access.log"}, {'type': 'paragraph', 'content': 'Additionally, monitoring for suspicious referrers or unusual user activity involving project deletion URLs can help identify exploitation attempts.'}] [1]

Mitigation Strategies

Immediate mitigation steps include upgrading Chamilo LMS to version 1.11.34 or later, where the vulnerability has been patched.

If upgrading immediately is not possible, you should implement CSRF protections such as CSRF tokens on all state-changing requests, especially project deletion actions.

Additionally, configuring the SameSite attribute on cookies can help reduce the risk of CSRF attacks by restricting cross-site requests.

Restricting user privileges to minimize the number of users with Trainer or Admin roles can also reduce the attack surface.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-59541. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart