CVE-2025-69581

MEDIUM

Chamillo LMS 1.11.2 - Info Disclosure

Title source: llm

Description

An issue was discovered in Chamillo LMS 1.11.2. The Social Network /personal_data endpoint exposes full sensitive user information even after logout because proper cache-control is missing. Using the browser back button restores all personal data, allowing unauthorized users on the same device to view confidential information. This leads to profiling, impersonation, targeted attacks, and significant privacy risks.

Exploits (1)

nomisec WRITEUP
by Rivek619 · poc
https://github.com/Rivek619/CVE-2025-69581

References (2)

Scores

CVSS v3 5.5
EPSS 0.0001
EPSS Percentile 0.6%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Details

CWE
CWE-524
Status published
Products (1)
chamilo/chamilo_lms 1.11.2
Published Jan 16, 2026
Tracked Since Feb 18, 2026