CVE-2025-69581

Source
https://cve.org/CVERecord?id=CVE-2025-69581
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-69581.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-69581
Published
2026-01-16T00:00:00Z
Modified
2026-07-15T01:48:50.554318883Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

An issue was discovered in Chamillo LMS 1.11.2. The Social Network /personal_data endpoint exposes full sensitive user information even after logout because proper cache-control is missing. Using the browser back button restores all personal data, allowing unauthorized users on the same device to view confidential information. This leads to profiling, impersonation, targeted attacks, and significant privacy risks.

Database specific
{
    "cna_assigner": "mitre",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/69xxx/CVE-2025-69581.json"
}
References

Affected packages

Git / github.com/chamilo/chamilo-lms

Affected ranges

Type
GIT
Repo
https://github.com/chamilo/chamilo-lms
Events
Database specific
{
    "source": "CPE_STRING",
    "cpe": "cpe:2.3:a:chamilo:chamilo_lms:1.11.2:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "1.11.2"
        },
        {
            "last_affected": "1.11.2"
        }
    ]
}

Affected versions

1.*
1.11.2
v1.*
v1.11.2

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-69581.json"