Unrated severityOSV Advisory· Published Jan 16, 2026· Updated Jan 20, 2026

CVE-2025-69581

Description

An issue was discovered in Chamillo LMS 1.11.2. The Social Network /personal_data endpoint exposes full sensitive user information even after logout because proper cache-control is missing. Using the browser back button restores all personal data, allowing unauthorized users on the same device to view confidential information. This leads to profiling, impersonation, targeted attacks, and significant privacy risks.

Affected products

Chamilo/Chamilo LmsOSV
Range: CHAMILO_1_8_7_ALPHA_1, CHAMILO_1_8_7_ALPHA_2, CHAMILO_1_8_7_RC2, …

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000