# CVE-2025-69581 An issue was discovered in Chamillo LMS 1.11.2. The Social Network /personal_data endpoint exposes full sensitive user information even after logout because proper cache-control is missing. Using the browser back button restores all personal data, allowing unauthorized users on the same device to view confidential information. This leads to profiling, impersonation, targeted attacks, and significant privacy risks. Discovered by - Rivek Raj Tamang (RivuDon), Sikkim, India. <img width="389" height="129" alt="image" src="https://github.com/user-attachments/assets/339dcc08-7c09-4024-9802-84703aa7893a" /> **Affected Product: Chamilo LMS** * Affected Version: 1.11.2 * **Discovered by: Rivek Raj Tamang (RivuDon), Sikkim, India** ## Vulnerability Details Information Disclosure # Summary The vulnerability allows unauthorized access to sensitive user information in Overhang.IO Tutor (tutor-open-edx) version 20.0.2 due to improper client-side session handling and missing cache-control headers. After logging out, user-specific PII remains accessible simply by pressing the browser’s back button, exposing sensitive account details without reauthentication. This flaw constitutes an Information Disclosure vulnerability and poses a risk to user privacy and session integrity. ## Steps to Reproduce 1. Have a valid account 2. Log in to the account 3. Go to Social Network > Personal Data 4. Click on user_info 5. Note all the Sensitive PII Information 6. Now simply click on logout and wait for the page to log out 7. Now click on the browser back button Note all the PII Being disclosed clearly without any proper cache control # Acknowledgement This vulnerability was discovered and responsibly reported by: **Rivek Raj Tamang (RivuDon) from Sikkim, India** https://www.linkedin.com/in/rivektamang/ https://rivudon.medium.com/