Main Vulnerability Database Exploits ID:12474 - Exploit for Improper Enforcement of Behavioral Workflow in Chamilo LMS - CVE-2025-52469

ID:12474 - Exploit for Improper Enforcement of Behavioral Workflow in Chamilo LMS - CVE-2025-52469

Published: March 3, 2026

Vulnerability identifier: #VU123437

Vulnerability risk: Medium

CVE-ID: CVE-2025-52469

CWE-ID: CWE-841

Exploitation vector: Remote access

Vulnerable software:
Chamilo LMS

Link to public exploit:

https://github.com/chamilo/chamilo-lms/security/advisories/GHSA-m5xj-5xf3-rqch/#poc

Vulnerability description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to the logic issue in the friend request workflow of social network module. A remote user can forcibly add any user as a friend.

Remediation

Install updates from vendor's website.

ID:12474 - Exploit for Improper Enforcement of Behavioral Workflow in Chamilo LMS - CVE-2025-52469

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human