5.5

CVE-2025-69581

Exploit

EPSS 0.01%
Veröffentlicht 16.01.2026 00:00:00
Zuletzt bearbeitet 05.02.2026 21:46:04
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

An issue was discovered in Chamillo LMS 1.11.2. The Social Network /personal_data endpoint exposes full sensitive user information even after logout because proper cache-control is missing. Using the browser back button restores all personal data, allowing unauthorized users on the same device to view confidential information. This leads to profiling, impersonation, targeted attacks, and significant privacy risks.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Chamilo ≫ Chamilo Lms Version1.11.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.01%	0.004

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

CWE-524 Use of Cache Containing Sensitive Information

The code uses a cache that contains sensitive information, but the cache can be read by an actor outside of the intended control sphere.

https://github.com/chamilo/chamilo-lms

Product

https://github.com/Rivek619/CVE-2025-69581

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2025-69581

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-69581

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-69581

EUVD