CVE-2025-59541
CSRF Vulnerability in Chamilo Allows Unauthorized Project Deletion

Publication date: 2026-03-06

Last updated on: 2026-03-09

Assigner: GitHub, Inc.

Description
Chamilo is a learning management system. Prior to version 1.11.34, a Cross-Site Request Forgery (CSRF) vulnerability allows an attacker to delete projects inside a course without the victim's consent. The issue arises because sensitive actions such as project deletion do not implement anti-CSRF protections (tokens) and are triggered by GET-based requests. As a result, an authenticated user (Trainer) can be tricked into executing this unwanted action by simply visiting a malicious page. This issue has been patched in version 1.11.34.
Meta Information
Published: 2026-03-06
Last Modified: 2026-03-09
Generated: 2026-05-07
AI Q&A: 2026-03-06
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
One associated CPE:
Vendor: chamilo
Product: chamilo_lms
Version / Range: up to 1.11.34 (excluding 1.11.34)
CWE
CWE-352: The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2025-59541 is a high-severity Cross-Site Request Forgery (CSRF) vulnerability affecting Chamilo LMS versions 1.11.32 and earlier.

The vulnerability occurs because sensitive actions, such as deleting projects within courses, are performed via GET requests without anti-CSRF protections like CSRF tokens.

As a result, an authenticated user with Trainer or Admin privileges can be tricked into deleting projects by simply visiting a malicious webpage, since the application processes deletion requests based on the victim’s session cookies without validating the request origin.


How can this vulnerability impact me?

This vulnerability can lead to irreversible loss of important course or project data due to unauthorized deletion.

It can disrupt educational activities in collaborative environments by removing critical projects without the victim's consent.

The integrity and availability of the system are highly impacted, although confidentiality is less affected since no direct data leak occurs. [1]


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

I don't know


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by monitoring for GET requests that trigger project deletion actions without proper anti-CSRF protections such as CSRF tokens.

Since the vulnerability involves sensitive actions performed via GET requests, you can look for unusual or unexpected GET requests to project deletion URLs in your web server logs or application logs.

Commands to help detect this might include searching web server logs for GET requests to project deletion endpoints. For example, using grep on Apache or Nginx logs:

    grep 'GET /path/to/project/delete' /var/log/apache2/access.log
    grep 'GET /path/to/project/delete' /var/log/nginx/access.log

Additionally, monitoring for suspicious referrers or unusual user activity involving project deletion URLs can help identify exploitation attempts. [1]


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include upgrading Chamilo LMS to version 1.11.34 or later, where the vulnerability has been patched.

If upgrading immediately is not possible, you should implement CSRF protections such as CSRF tokens on all state-changing requests, especially project deletion actions.

Additionally, configuring the SameSite attribute on cookies can help reduce the risk of CSRF attacks by restricting cross-site requests.

Restricting user privileges to minimize the number of users with Trainer or Admin roles can also reduce the attack surface.
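As an added illustration of the token-based mitigation described above (example code written for this page, not Chamilo's own; the Request, session and ProjectStore objects are simplified stand-ins for a web framework's), the GET-without-token handler pattern the advisory describes sits beside a hardened handler that accepts only POST and a per-session token:

```python
import hmac
import secrets
from dataclasses import dataclass


@dataclass
class Request:
    """Minimal stand-in for a framework request object (assumption, not Chamilo's API)."""
    method: str
    params: dict      # query-string or form fields
    session: dict     # server-side session bound to the browser's cookie


class ProjectStore:
    """Constructed in-memory project table standing in for the course's projects."""
    def __init__(self, project_ids):
        self.projects = set(project_ids)


def issue_csrf_token(session):
    """Mint a random per-session token, keep it server-side and return it for the form."""
    token = secrets.token_hex(32)
    session["csrf_token"] = token
    return token


def delete_project_vulnerable(store, req):
    """The pattern the advisory describes: any GET carrying an id deletes, and the
    browser attaches the victim's session cookie even to a cross-site request."""
    project_id = req.params.get("id")
    if project_id not in store.projects:
        return 404
    store.projects.discard(project_id)
    return 200


def delete_project_hardened(store, req):
    """State change only on POST, and only when the submitted token matches the one
    stored in this session; the compare is constant-time to avoid timing leaks."""
    if req.method != "POST":
        return 405
    expected = req.session.get("csrf_token")
    supplied = req.params.get("csrf_token", "")
    if not expected or not hmac.compare_digest(expected.encode(), supplied.encode()):
        return 403
    project_id = req.params.get("id")
    if project_id not in store.projects:
        return 404
    store.projects.discard(project_id)
    return 200
```

The form that renders the delete button embeds the value from issue_csrf_token as a hidden field; marking the session cookie SameSite=Lax or Strict adds a second, browser-enforced layer on top of the token check.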

