What is the CVSS score of CVE-2025-69581?

CVE-2025-69581 has a CVSS 3.1 base score of 5.5 (Medium). CVSS vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N. EPSS exploitation probability: 0.0%.

Which versions of Chamilo Lms are affected by CVE-2025-69581?

CVE-2025-69581 presents moderate security risk rated CVSS 5.5. Exploitation could compromise the security of affected deployments. Proof-of-concept code is publicly available.

Is there a public PoC exploit available for CVE-2025-69581?

Yes, a public proof-of-concept exploit is available for CVE-2025-69581. Prioritise patching immediately. EPSS: 0.0%.

How to fix or mitigate CVE-2025-69581?

Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. Monitor vendor channels for patch availability.

Chamilo Lms CVE-2025-69581

MEDIUM

Use of Cache Containing Sensitive Information (CWE-524)

2026-01-16 cve@mitre.org

Information Disclosure Chamilo Lms

5.5

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 21:54 vuln.today

PoC Detected

Feb 05, 2026 - 21:46 vuln.today

Public exploit code

CVE Published

Jan 16, 2026 - 20:15 nvd

MEDIUM 5.5

DescriptionNVD

An issue was discovered in Chamillo LMS 1.11.2. The Social Network /personal_data endpoint exposes full sensitive user information even after logout because proper cache-control is missing. Using the browser back button restores all personal data, allowing unauthorized users on the same device to view confidential information. This leads to profiling, impersonation, targeted attacks, and significant privacy risks.

AnalysisAI

Technical ContextAI

Affects Chamilo Lms. An issue was discovered in Chamillo LMS 1.11.2. The Social Network /personal_data endpoint exposes full sensitive user information even after logout because proper cache-control is missing. Using the browser back button restores all personal data, allowing unauthorized users on the same device to view confidential information. This leads to profiling, impersonation, targeted attacks, and significant privacy risks.

RemediationAI

Monitor vendor advisories for a patch.

CVE-2025-69581 vulnerability details – vuln.today

Back

Chamilo Lms CVE-2025-69581

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Technical ContextAI

RemediationAI

Share

External POC / Exploit Code