CVE-2025-69581

{"id": "CVE-2025-69581", "cveTags": [], "metrics": {"ssvcV203": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "ssvcData": {"id": "CVE-2025-69581", "role": "CISA Coordinator", "options": [{"exploitation": "poc"}, {"automatable": "no"}, {"technicalImpact": "partial"}], "version": "2.0.3", "timestamp": "2026-01-16T21:44:47.065204Z"}}], "cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "affected": [{"source": "cve@mitre.org", "affectedData": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}]}], "published": "2026-01-16T20:15:49.287", "references": [{"url": "https://github.com/Rivek619/CVE-2025-69581", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/chamilo/chamilo-lms", "tags": ["Product"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-524"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Chamillo LMS 1.11.2. The Social Network /personal_data endpoint exposes full sensitive user information even after logout because proper cache-control is missing. Using the browser back button restores all personal data, allowing unauthorized users on the same device to view confidential information. This leads to profiling, impersonation, targeted attacks, and significant privacy risks."}, {"lang": "es", "value": "Se descubri\u00f3 un problema en Chamillo LMS 1.11.2. El endpoint /personal_data de la Red Social expone informaci\u00f3n sensible completa del usuario incluso despu\u00e9s de cerrar sesi\u00f3n porque falta un control de cach\u00e9 adecuado. Usar el bot\u00f3n de retroceso del navegador restaura todos los datos personales, permitiendo a usuarios no autorizados en el mismo dispositivo ver informaci\u00f3n confidencial. Esto conduce a la elaboraci\u00f3n de perfiles, suplantaci\u00f3n de identidad, ataques dirigidos y riesgos significativos para la privacidad."}], "lastModified": "2026-06-17T10:00:44.817", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:chamilo:chamilo_lms:1.11.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A3324481-48CB-4C31-881E-9487AB56DBC8"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}