CVE-2025-50187
CRITICALChamilo <1.11.28 - RCE
Title source: llmDescription
Chamilo is a learning management system. Prior to version 1.11.28, parameter from SOAP request is evaluated without filtering which leads to Remote Code Execution. This issue has been patched in version 1.11.28.
Scores
CVSS v3
9.8
EPSS
0.0041
EPSS Percentile
60.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Classification
CWE
CWE-95
Status
published
Affected Products (1)
chamilo/chamilo_lms
< 1.11.28
Timeline
Published
Mar 02, 2026
Tracked Since
Mar 02, 2026