PT-2026-3305 · Unknown · Chamilo Lms

Published 2026-01-16 · Updated 2026-02-05 · CVE-2025-69581

CVSS v3.1: 5.5 Medium

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions

Chamilo LMS version 1.11.2

Description

The Social Network /personal data API endpoint in Chamilo LMS does not set proper cache-control headers, so the browser can keep the response, including the user's full sensitive information, after logout. Anyone else using the same device can then press the browser back button and view that confidential information without authenticating, which can lead to profiling, impersonation, and targeted attacks. The issue poses significant privacy risks. The vulnerable API endpoint is /personal data.

Recommendations

Apply appropriate cache-control headers to the /personal data API endpoint so that sensitive data is not cached and is not accessible after logout.
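
One way to verify the recommendation, as an added example (not code from Chamilo or from this advisory): the script audits a response's headers and reports whether a browser may keep the body after logout. The function names and the sample header sets are constructed for illustration.

```python
import re

# One Cache-Control directive: token, optionally "=value" (quoted or bare).
_DIRECTIVE = re.compile(r'([A-Za-z0-9_-]+)(?:\s*=\s*("[^"]*"|[^,\s]*))?')


def parse_cache_control(values):
    """Merge all Cache-Control header lines into {directive: argument}."""
    directives = {}
    for value in values:
        for name, arg in _DIRECTIVE.findall(value):
            directives[name.lower()] = arg.strip('"')
    return directives


def audit_sensitive_response(headers):
    """Return findings for a response that must not be readable after logout.

    headers: list of (name, value) pairs, so repeated lines and mixed-case
    names are handled the way a browser would see them.
    """
    cc = parse_cache_control(
        v for k, v in headers if k.lower() == "cache-control")
    findings = []
    if not cc:
        findings.append("no Cache-Control: browser may cache heuristically")
    if "no-store" not in cc:
        # no-cache and max-age=0 only force revalidation of a stored copy;
        # history (back button) navigation is not bound by freshness rules.
        findings.append("no-store missing: response may be stored and replayed")
    if "public" in cc:
        findings.append("public: shared caches may store the response")
    return findings


# Constructed sample responses (not captured from a Chamilo install).
SAMPLES = {
    "no header": [("Content-Type", "text/html")],
    "revalidate only": [("cache-control", "private, no-cache, max-age=0")],
    "contradictory": [("Cache-Control", "no-store"), ("Cache-Control", "public")],
    "hardened": [("Cache-Control", "no-store, private")],
}

if __name__ == "__main__":
    for label, hdrs in SAMPLES.items():
        print(f"{label}: {audit_sensitive_response(hdrs) or 'ok'}")
```

Feed it the headers returned by the endpoint for an authenticated session; an empty result means the response carries `no-store` and no conflicting directive.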

Exploit

Fix

Information Disclosure

Weakness Enumeration

Related Identifiers

CVE-2025-69581

Affected Products

Chamilo Lms