CVE-2025-59114

EPSS 0.02%
Veröffentlicht 18.11.2025 13:26:31
Zuletzt bearbeitet 05.12.2025 13:16:03
Quelle cvd@cert.pl
CVE-Watchlists
Login
Unerledigt
Login

Windu CMS is vulnerable to Cross-Site Request Forgery in file uploading functionality. Malicious attacker can craft special website, which when visited by the victim, will automatically send malicious file to the server.

Only version 4.1 was tested and confirmed as vulnerable.
This issue was fixed in version 4.1 build 2250.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Windu ≫ Windu Cms Version4.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.025

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
cvd@cert.pl	5.1	0	0	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE-352 Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

https://cert.pl/posts/2025/11/CVE-2025-59110

Third Party Advisory

https://windu.org

Product

https://nvd.nist.gov/vuln/detail/CVE-2025-59114

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-59114

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-59114

EUVD