CVE-2025-59110

EPSS 0.02%
Veröffentlicht 18.11.2025 13:26:29
Zuletzt bearbeitet 05.12.2025 13:16:03
Quelle cvd@cert.pl
CVE-Watchlists
Login
Unerledigt
Login

Windu CMS is vulnerable to Cross-Site Request Forgery in user editing functionality. Implemented CSRF protection mechanism can be bypassed by using CSRF token of other user. It is worth noting that the registration is open and anyone can create an account.

Only version 4.1 was tested and confirmed as vulnerable.
This issue was fixed in version 4.1 build 2250.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Windu ≫ Windu Cms Version4.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.021

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
cvd@cert.pl	6.8	0	0	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE-352 Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

https://windu.org/

Product

https://cert.pl/posts/2025/11/CVE-2025-59110

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-59110

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-59110

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-59110

EUVD