CVE-2025-59111

EPSS 0.26%
Veröffentlicht 18.11.2025 13:26:39
Zuletzt bearbeitet 05.12.2025 13:16:03
Quelle cvd@cert.pl
CVE-Watchlists
Login
Unerledigt
Login

Broken Access Control in Windu CMS

Windu CMS is vulnerable to Broken Access Control in user editing functionality. Malicious attacker can send a GET request which allows privileged users to delete Super Admins which is not possible with GUI.

Only version 4.1 was tested and confirmed as vulnerable.
This issue was fixed in version 4.1 build 2250.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Windu ≫ Windu Cms Version4.1

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.26%	0.167

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	1.2	5.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
cvd@cert.pl	6.9	0	0	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE-863 Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

https://cert.pl/posts/2025/11/CVE-2025-59110

Third Party Advisory

https://windu.org

Product

https://nvd.nist.gov/vuln/detail/CVE-2025-59111

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-59111

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-59111

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-59111