CVE-2025-69581

Source
https://cve.org/CVERecord?id=CVE-2025-69581
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-69581.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-69581
Published
2026-01-16T20:15:49.287Z
Modified
2026-03-13T03:50:21.007637Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Summary
[none]
Details

An issue was discovered in Chamilo LMS 1.11.2. The Social Network /personal_data endpoint exposes full sensitive user information even after logout because proper cache-control is missing. Using the browser back button restores all personal data, allowing unauthorized users on the same device to view confidential information. This leads to profiling, impersonation, targeted attacks, and significant privacy risks.

References

Affected packages

Git / github.com/chamilo/chamilo-lms

Affected ranges

Type
GIT
Repo
https://github.com/chamilo/chamilo-lms
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Database specific
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.11.2"
        }
    ]
}

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-69581.json"