CVE-2025-66447 - Vulnerability Details - OpenCVE

Chamilo LMS is a learning management system. From 1.11.0 to 2.0-beta.1, anyone can trigger a malicious redirect through the use of the redirect parameter to /login. This vulnerability is fixed in 2.0-beta.2.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.0003.

Exploitation none

Automatable yes

Technical Impact partial

Vendors	Products
Chamilo	Chamilo Lms

No data.

No data.

OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.

Vendors	Products
Chamilo	Chamilo Lms

References

Link	Providers
https://github.com/chamilo/chamilo-lms/commit/73ae6293adaa6098374bc22625342dbae5cbc446
https://github.com/chamilo/chamilo-lms/security/advisories/GHSA-m82x-prv3-rwwv

History

Tue, 14 Apr 2026 15:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Mon, 13 Apr 2026 13:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Chamilo Chamilo chamilo Lms
Vendors & Products		Chamilo Chamilo chamilo Lms

Fri, 10 Apr 2026 17:30:00 +0000

Type	Values Removed	Values Added
Description		Chamilo LMS is a learning management system. From 1.11.0 to 2.0-beta.1, anyone can trigger a malicious redirect through the use of the redirect parameter to /login. This vulnerability is fixed in 2.0-beta.2.
Title		Chamilo LMS has validation-less redirect on login page
Weaknesses		CWE-601
References		https://github.com/chamilo/chamilo-lms/commit/73ae6293adaa6098374bc22625342dbae5cbc446 https://github.com/chamilo/chamilo-lms/security/advisories/GHSA-m82x-prv3-rwwv
Metrics		cvssV3_1 `{'score': 0, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N'}`

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2026-04-10T17:22:32.443Z

Updated: 2026-04-14T14:12:56.349Z

Reserved: 2025-12-01T18:22:06.865Z

Link: CVE-2025-66447

Vulnrichment

Updated: 2026-04-14T14:12:52.677Z

NVD

Status : Undergoing Analysis

Published: 2026-04-10T18:16:40.630

Modified: 2026-04-13T15:02:06.187

Link: CVE-2025-66447

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-13T13:00:07Z

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-66447", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2025-12-01T18:22:06.865Z", "datePublished": "2026-04-10T17:22:32.443Z", "dateUpdated": "2026-04-14T14:12:56.349Z"}, "containers": {"cna": {"title": "Chamilo LMS has validation-less redirect on login page", "problemTypes": [{"descriptions": [{"cweId": "CWE-601", "lang": "en", "description": "CWE-601: URL Redirection to Untrusted Site ('Open Redirect')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 0, "baseSeverity": "NONE", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/chamilo/chamilo-lms/security/advisories/GHSA-m82x-prv3-rwwv", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/chamilo/chamilo-lms/security/advisories/GHSA-m82x-prv3-rwwv"}, {"name": "https://github.com/chamilo/chamilo-lms/commit/73ae6293adaa6098374bc22625342dbae5cbc446", "tags": ["x_refsource_MISC"], "url": "https://github.com/chamilo/chamilo-lms/commit/73ae6293adaa6098374bc22625342dbae5cbc446"}], "affected": [{"vendor": "chamilo", "product": "chamilo-lms", "versions": [{"version": ">= 1.11.0, < 2.0.0-RC.3", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-10T17:22:32.443Z"}, "descriptions": [{"lang": "en", "value": "Chamilo LMS is a learning management system. From 1.11.0 to 2.0-beta.1, anyone can trigger a malicious redirect through the use of the redirect parameter to /login. This vulnerability is fixed in 2.0-beta.2."}], "source": {"advisory": "GHSA-m82x-prv3-rwwv", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-14T14:12:48.504084Z", "id": "CVE-2025-66447", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-14T14:12:56.349Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-66447", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-14T14:12:48.504084Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-14T14:12:52.677Z"}}], "cna": {"title": "Chamilo LMS has validation-less redirect on login page", "source": {"advisory": "GHSA-m82x-prv3-rwwv", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 0, "attackVector": "NETWORK", "baseSeverity": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "chamilo", "product": "chamilo-lms", "versions": [{"status": "affected", "version": ">= 1.11.0, < 2.0.0-RC.3"}]}], "references": [{"url": "https://github.com/chamilo/chamilo-lms/security/advisories/GHSA-m82x-prv3-rwwv", "name": "https://github.com/chamilo/chamilo-lms/security/advisories/GHSA-m82x-prv3-rwwv", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/chamilo/chamilo-lms/commit/73ae6293adaa6098374bc22625342dbae5cbc446", "name": "https://github.com/chamilo/chamilo-lms/commit/73ae6293adaa6098374bc22625342dbae5cbc446", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Chamilo LMS is a learning management system. From 1.11.0 to 2.0-beta.1, anyone can trigger a malicious redirect through the use of the redirect parameter to /login. This vulnerability is fixed in 2.0-beta.2."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-601", "description": "CWE-601: URL Redirection to Untrusted Site ('Open Redirect')"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-10T17:22:32.443Z"}}}, "cveMetadata": {"cveId": "CVE-2025-66447", "state": "PUBLISHED", "dateUpdated": "2026-04-14T14:12:56.349Z", "dateReserved": "2025-12-01T18:22:06.865Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-04-10T17:22:32.443Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[1.11.0,2.0.0-RC.3)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "chamilo-lms", "source": "cna", "vendor": "chamilo"}, "product": "chamilo_lms", "vendor": "chamilo"}], "analysis": {"en": {"generated_at": "2026-04-10T18:20:44.784053+00:00", "value": {"mitigation_remediation": ["Upgrade Chamilo LMS to version 2.0-beta.2 or later to eliminate the open redirect functionality.", "If an upgrade is not immediately possible, block or validate the redirect parameter on the /login route to prevent external redirects.", "Monitor your application logs for anomalous redirect attempts and educate users about click-jacking risks."], "summary": {"action": "Apply Patch", "impact": "Open redirect via login redirect parameter"}, "threat_synthesis": {"affected_systems": "The issue affects the Chamilo Learning Management System from its 1.11.0 release through 2.0-beta.1. Users operating those versions are at risk. The product is developed by the Chamilo community.", "description_and_impact": "Chamilo LMS allows anyone with access to the login page to supply an arbitrary redirect URL via the redirect parameter without server-side validation. This leads to an open redirect that can send unsuspecting users to malicious sites. The vulnerability is identified as a CWE-601 open redirect, enabling potential phishing, click-jacking, or social-engineering attacks.", "risk_and_exploitability": "No CVSS score is published, and the EPSS score is unavailable. The vulnerability is not listed in CISA KEV. The attack vector is remote, accessible via the web interface using the login redirect parameter. Because no authentication is required, the potential impact depends on the attacker\u2019s ability to entice users into following the link; it can facilitate phishing or malicious site redirection, but does not expose sensitive data directly. The overall risk is moderate, but any compromised users could be manipulated."}}}}, "created": "2026-04-13T12:43:43.295460+00:00", "updated": "2026-04-13T13:00:07.263414+00:00", "vendors": ["chamilo", "chamilo$PRODUCT$chamilo_lms"]}