CVE-2025-55044

EPSS 0.02%
Veröffentlicht 18.03.2026 16:16:23
Zuletzt bearbeitet 20.03.2026 18:11:46
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

The Trash Restore CSRF vulnerability in MuraCMS through 10.1.10 allows attackers to restore deleted content from the trash to unauthorized locations through CSRF. The vulnerable cTrash.restore function lacks CSRF token validation, enabling malicious websites to forge requests that restore content to arbitrary parent locations when an authenticated administrator visits a crafted webpage. Successful exploitation of the Trash Restore CSRF vulnerability results in unauthorized restoration of deleted content to potentially inappropriate or malicious locations within the MuraCMS website structure. When an authenticated administrator visits a malicious webpage containing the CSRF exploit, their browser automatically submits a hidden form that restores specified content from the trash to a location determined by the attacker through the parentid parameter. This can lead to restoration of previously deleted malicious content, placement of sensitive documents in public areas, manipulation of website navigation structure, or restoration of outdated content that was intentionally removed for security or compliance reasons.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Murasoftware ≫ Mura Cms Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.045

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE-352 Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

https://docs.murasoftware.com/v10/release-notes/#section-version-1014

Release Notes

https://www.murasoftware.com

Product

https://docs.murasoftware.com/v10/release-notes/

Release Notes

https://nvd.nist.gov/vuln/detail/CVE-2025-55044

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-55044

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-55044

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-55044