CVE-2025-69581

5.5 MEDIUM

📋 TL;DR

Chamilo LMS 1.11.2 fails to properly clear cached sensitive user data from the Social Network/personal_data endpoint after logout. This allows subsequent users of the same device to access the previous user's personal information via the browser back button or cache restoration, affecting all users of vulnerable Chamilo LMS instances.

💻 Affected Systems

Products:
  • Chamilo LMS
Versions: 1.11.2
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Affects all installations of Chamilo LMS 1.11.2 regardless of configuration. The vulnerability exists in the Social Network module's personal_data endpoint.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Malicious actors on shared devices could access complete personal profiles, enabling identity theft, targeted phishing campaigns, or impersonation attacks against users.

🟠

Likely Case

Accidental exposure of personal data to subsequent users on shared computers or public terminals, leading to privacy violations and potential harassment.

🟢

If Mitigated

With proper cache-control headers and session management, no sensitive data persists after logout, eliminating the information disclosure risk.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires physical or remote access to a device where a user previously logged into a vulnerable Chamilo instance. No authentication needed for the cached data access.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not yet released

Vendor Advisory: https://github.com/chamilo/chamilo-lms

Restart Required: No

Instructions:

1. Monitor Chamilo security advisories for patch release
2. Apply patch when available
3. Clear application cache after patching

🔧 Temporary Workarounds

Add Cache-Control Headers

Applies to: all

Manually set cache-control headers for the /personal_data endpoint so the browser does not store the response.

Add to the application configuration or .htaccess: Cache-Control: no-store, no-cache, must-revalidate, max-age=0

Session Management Enhancement

Applies to: all

Implement server-side session invalidation on logout to clear all user data.

Modify the logout function to destroy the session and clear user-specific cache.

🧯 If You Can't Patch

  • Implement mandatory logout timeout policies and educate users to manually clear the browser cache after using shared devices
  • Deploy web application firewall rules that rewrite caching headers on responses from sensitive endpoints so those responses are not stored

🔍 How to Verify

Check if Vulnerable:

1. Log into Chamilo LMS 1.11.2
2. Access Social Network/personal_data
3. Log out
4. Press the browser back button; if the personal data page is displayed, the system is vulnerable

Check Version:

Check Chamilo version in admin panel or via CHAMILO_VERSION constant

Verify Fix Applied:

Repeat the verification steps after applying the fix; the personal data page should no longer be accessible after logout.

📡 Detection & Monitoring

Log Indicators:

  • Multiple user sessions from same IP accessing /personal_data endpoint in quick succession
  • Unauthorized access attempts to cached user data

Network Indicators:

  • Missing Cache-Control headers in HTTP responses for sensitive endpoints
  • Browser caching directives present on personal data responses
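The workaround above prescribes a specific Cache-Control value, and the verification and network-indicator sections both reduce to one question: does the response for the sensitive endpoint carry directives that forbid storing it? The following is an added example for this advisory, not code from the Chamilo project. It parses the header block of an HTTP response, evaluates the Cache-Control directives, and reports what is missing. The two sample responses are constructed; only the endpoint paths and the recommended header value come from the advisory.

```python
"""Check whether a response for a sensitive endpoint forbids caching.

Added example for CVE-2025-69581; not Chamilo LMS code. Sample responses
below are constructed for illustration.
"""

# Endpoint paths named in the advisory.
SENSITIVE_PATHS = ("/personal_data", "/social/personal_data")

# Constructed: what a vulnerable response looks like (no caching directives at all).
VULNERABLE_RESPONSE = """HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Set-Cookie: ch_sid=constructed-value; Path=/; HttpOnly
"""

# Constructed: the same response after the advisory's workaround is applied.
HARDENED_RESPONSE = """HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Pragma: no-cache
Expires: 0
"""


def is_sensitive_path(path):
    """True if the request path (query string ignored) is one the advisory names."""
    return path.split("?", 1)[0].rstrip("/") in SENSITIVE_PATHS


def parse_response_headers(raw):
    """Parse the header block of a raw HTTP response into a dict (last value wins).

    The status line is skipped; parsing stops at the first blank line.
    """
    headers = {}
    for line in raw.strip().splitlines()[1:]:
        if not line.strip():
            break
        name, _, value = line.partition(":")
        headers[name.strip()] = value.strip()
    return headers


def parse_cache_control(value):
    """Split a Cache-Control value into {directive: argument or None}, lower-cased."""
    directives = {}
    for part in value.split(","):
        part = part.strip()
        if not part:
            continue
        name, _, arg = part.partition("=")
        directives[name.strip().lower()] = arg.strip().strip('"') or None
    return directives


def cache_findings(headers):
    """Return a list of findings; an empty list means the response must not be stored.

    `headers` maps header name -> value; names are matched case-insensitively.
    The checks correspond to the directives in the advisory's recommended value.
    """
    lower = {k.lower(): v for k, v in headers.items()}
    cc = parse_cache_control(lower.get("cache-control", ""))
    findings = []
    if "no-store" not in cc:
        findings.append("Cache-Control lacks no-store: the response may be written to the browser cache")
    if "no-cache" not in cc and "must-revalidate" not in cc:
        findings.append("Cache-Control lacks no-cache/must-revalidate: a stored copy may be reused without revalidation")
    if cc.get("max-age") not in (None, "0"):
        findings.append(f"Cache-Control max-age={cc['max-age']} permits reuse for that many seconds")
    return findings


if __name__ == "__main__":
    for label, raw in (("vulnerable", VULNERABLE_RESPONSE), ("hardened", HARDENED_RESPONSE)):
        findings = cache_findings(parse_response_headers(raw))
        print(f"{label}: {'no caching findings' if not findings else ''}")
        for finding in findings:
            print("  -", finding)
```

The header dict can equally come from a live client (for example the `headers` attribute of a `urllib.request` response); combined with `is_sensitive_path`, the same logic can be run over proxy or web-server logs that record response headers to produce the missing-Cache-Control indicator listed above.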

SIEM Query:

source="web_server" AND (uri="/personal_data" OR uri="/social/personal_data") AND status=200 AND cache-control=""

🔗 References