CVE-2025-66447

low-risk

Published 2026-04-10

Chamilo LMS is a learning management system. From 1.11.0 to 2.0-beta.1, anyone can trigger a malicious redirect through the use of the redirect parameter to /login. This vulnerability is fixed in 2.0-beta.2.

Do I need to act?

0.03% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

References (2)

https://github.com/chamilo/chamilo-lms/commit/73ae6293adaa6098374bc22625342dbae5...

https://github.com/chamilo/chamilo-lms/security/advisories/GHSA-m82x-prv3-rwwv

/ 100

low-risk

Severity 7/34 · Low

Exploitability 0/34 · Minimal

Exposure 5/34 · Minimal