CVE-2025-50187CRITICAL 9.8EPSS p54.3%

CVE-2025-50187CVE-2025-50187

Description

Chamilo is a learning management system. Prior to version 1.11.28, parameter from SOAP request is evaluated without filtering which leads to Remote Code Execution. This issue has been patched in version 1.11.28.

Scoring

CVSS 3.19.8 (CRITICAL)
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS0.88% probability of exploitation · percentile 54.3% · 2026-06-19T12:03:05Z
Published2026-03-02
Last modified2026-03-03

Underlying weaknesses· 1

CWE-95

References

  1. https://github.com/chamilo/chamilo-lms/releases/tag/v1.11.28
  2. https://github.com/chamilo/chamilo-lms/security/advisories/GHSA-356v-7xg2-3678

1

TypeTargetConfidenceTier
WeaknessImproper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')cwe-950%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2025-50189
CVE
CVE-2025-50192
CVE
CVE-2026-29041
CVE
CVE-2025-50199
CVE
CVE-2025-52998
CVE
CVE-2025-55289
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.