CVE-2025-69581

MEDIUM

Chamillo LMS 1.11.2 - Info Disclosure

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-69581. PoCs published by Rivek619.

AI-analyzed exploit summary This repository documents an information disclosure vulnerability in Chamilo LMS 1.11.2, where sensitive user data remains accessible after logout due to missing cache-control headers. The writeup provides clear reproduction steps and technical details about the flaw.

Description

An issue was discovered in Chamillo LMS 1.11.2. The Social Network /personal_data endpoint exposes full sensitive user information even after logout because proper cache-control is missing. Using the browser back button restores all personal data, allowing unauthorized users on the same device to view confidential information. This leads to profiling, impersonation, targeted attacks, and significant privacy risks.

Exploits (1)

nomisec WRITEUP
by Rivek619 · poc
https://github.com/Rivek619/CVE-2025-69581

This repository documents an information disclosure vulnerability in Chamilo LMS 1.11.2, where sensitive user data remains accessible after logout due to missing cache-control headers. The writeup provides clear reproduction steps and technical details about the flaw.

Classification
Writeup 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Chamilo LMS 1.11.2
Auth required
Prerequisites: Valid user account · Access to the target device
devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (2)

Core 2
Core References
Third Party Advisory, Exploit
https://github.com/Rivek619/CVE-2025-69581

Scores

CVSS v3 5.5
EPSS 0.0021
EPSS Percentile 11.5%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-524
Status published
Products (1)
chamilo/chamilo_lms 1.11.2
Published Jan 16, 2026
Tracked Since Feb 18, 2026