Compliance Impact

The vulnerability described in CVE-2025-66447 is an open redirect issue in Chamilo LMS that allows malicious redirects via the login page's redirect parameter.

However, the CVSS score indicates no impact on confidentiality, integrity, or availability, and there is no indication from the provided information that this vulnerability leads to unauthorized data access or data breaches.

Therefore, based on the available information, this vulnerability does not directly affect compliance with common standards and regulations such as GDPR or HIPAA, which primarily focus on protecting personal data confidentiality and integrity.

No explicit mention or analysis regarding compliance impact is provided in the resources.

Useful 0 Not Useful 0

Executive Summary

CVE-2025-66447 is a vulnerability in Chamilo LMS versions from 1.11.0 to 2.0-beta.1 where the login page's redirect parameter can be manipulated to cause a malicious redirect to arbitrary external URLs.

The root cause is the lack of validation or filtering on the redirect parameter, allowing attackers to craft URLs that redirect users to potentially harmful sites.

The vulnerability is fixed in version 2.0-beta.2 by restricting redirects to same-origin URLs and validated relative paths, ensuring redirects cannot lead to external malicious sites.

Useful 0 Not Useful 0

Impact Analysis

This vulnerability allows an attacker to redirect users of the Chamilo LMS login page to arbitrary external websites without any user interaction or privileges.

Such open redirect vulnerabilities can be exploited in phishing attacks, where users are tricked into visiting malicious sites that may steal credentials or deliver malware.

However, the CVSS score is 0.0, indicating no direct impact on confidentiality, integrity, or availability of the system itself.

Useful 0 Not Useful 0

Detection Guidance

This vulnerability involves an unsafe redirect parameter on the /login page of Chamilo LMS versions from 1.11.0 to 2.0-beta.1. To detect it on your system or network, you can test if the login page accepts arbitrary redirect URLs without validation.

A simple detection method is to send HTTP requests to the /login endpoint with various redirect parameters pointing to external URLs and observe if the system redirects to those URLs.

Example commands using curl to test for the vulnerability:

• curl -I 'http://your-chamilo-instance/login?redirect=http://malicious.example.com'
• curl -v 'http://your-chamilo-instance/login?redirect=https://evil.com/path'

If the response includes a Location header redirecting to the external URL specified in the redirect parameter, the system is vulnerable.

Useful 0 Not Useful 0

Mitigation Strategies

The immediate mitigation is to upgrade Chamilo LMS to version 2.0-beta.2 or later, where this vulnerability is fixed.

The fix restricts login redirects strictly to same-origin URLs and relative paths, preventing redirection to potentially malicious external sites.

If upgrading immediately is not possible, consider implementing temporary measures such as:

• Manually validate and sanitize redirect parameters on the login page to ensure they only point to internal paths.
• Configure web application firewalls (WAF) or reverse proxies to block or log requests with suspicious redirect parameters pointing to external domains.

These steps help prevent attackers from exploiting the open redirect vulnerability until the official patch can be applied.

Useful 0 Not Useful 0