Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

Chamilo Use of Cache Containing Sensitive Information Vulnerability (CVE-2025-69581)

Description

An issue was discovered in Chamillo LMS 1.11.2. The Social Network /personal_data endpoint exposes full sensitive user information even after logout because proper cache-control is missing. Using the browser back button restores all personal data, allowing unauthorized users on the same device to view confidential information. This leads to profiling, impersonation, targeted attacks, and significant privacy risks.

Remediation

References

Related Vulnerabilities

WordPress 3.8.x Multiple Vulnerabilities (3.8 - 3.8.14)

WordPress 5.6.x Multiple Vulnerabilities (5.6 - 5.6.9)

GeoServer Server-Side Request Forgery (SSRF) Vulnerability (CVE-2024-40625)

WordPress Plugin Google Analytics Counter Tracker PHP Object Injection (3.4.0)

Piwigo Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2018-7724)

Severity

Medium

Classification

CVE-2025-69581 CWE-524 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Tags

Missing Update Known Vulnerabilities