CVE-2025-69581

Affected Product

Product: Chamilo LMS
Version: 1.11.2

Discovered By

Discoverer: Rivek Raj Tamang (RivuDon), Sikkim, India

Vulnerability Details

Type: Information Disclosure

Summary

The vulnerability allows unauthorized access to sensitive user information in Chamilo LMS 1.11.2 due to improper client-side session handling and missing cache-control headers. After logging out, user-specific PII remains accessible simply by pressing the browser's back button, exposing sensitive account details without reauthentication. This flaw constitutes an Information Disclosure vulnerability and poses a risk to user privacy and session integrity.

Steps to Reproduce

1. Have a valid account
2. Log into the account
3. Go to Social Network > Personal Data
4. Click on user_info
5. Note all the Sensitive PII Information
6. Now simply click on logout and wait for the page to log out
7. Now click on the browser back button. Note all the PII being disclosed clearly without any proper cache control

Acknowledgement

This vulnerability was discovered and responsibly reported by: Rivek Raj Tamang (RivuDon) from Sikkim, India
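To check a deployment for the missing cache-control headers named in the Summary, the following added example (not part of the advisory and not Chamilo code) audits the response headers of a page that carries user-specific data. The function names and the sample header sets are constructed for illustration.

```python
import re

# One Cache-Control directive: name, optional =value (quoted or bare), then "," or end.
_DIRECTIVE = re.compile(r'\s*([A-Za-z0-9_-]+)(?:\s*=\s*("[^"]*"|[^,]*))?\s*(?:,|$)')

def parse_cache_control(value):
    """Parse a Cache-Control value into {directive: argument or None}; names lowercased."""
    directives = {}
    for m in _DIRECTIVE.finditer(value):
        arg = (m.group(2) or "").strip().strip('"') or None
        directives[m.group(1).lower()] = arg
    return directives

def audit_headers(headers):
    """Return findings for a response that contains user-specific data.

    headers: list of (name, value) tuples; header names are case-insensitive and
    repeated Cache-Control headers are combined as one comma-separated list.
    """
    values = [v for n, v in headers if n.lower() == "cache-control"]
    cc = parse_cache_control(",".join(values))
    findings = []
    if not cc:
        findings.append("no Cache-Control header: storage is left to browser defaults")
    elif "no-store" not in cc:
        findings.append("Cache-Control lacks no-store: a copy may be kept after logout")
    if "public" in cc:
        findings.append("Cache-Control: public allows shared caches to store the page")
    max_age = cc.get("max-age")
    if "no-store" not in cc and max_age and max_age.isdigit() and int(max_age) > 0:
        findings.append(f"max-age={max_age}: reusable without revalidation for {max_age}s")
    return findings

# Constructed sample responses (not captured from a real Chamilo instance).
SAMPLES = {
    "no cache headers": [("Content-Type", "text/html; charset=UTF-8")],
    "revalidate only": [("Cache-Control", "private, no-cache, must-revalidate")],
    "publicly cacheable": [("cache-control", "public"), ("Cache-Control", "max-age=3600")],
    "hardened": [("Cache-Control", "no-store, private"), ("Pragma", "no-cache")],
}

if __name__ == "__main__":
    for label, hdrs in SAMPLES.items():
        result = audit_headers(hdrs)
        print(f"{label}: {'OK' if not result else 'FAIL'}")
        for finding in result:
            print(f"  - {finding}")
```

Run it against the headers returned for the Personal Data page while logged in; only the set containing `no-store` passes.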