CVE-2025-59111

Medium CVSS: 6.9

Windu CMS is vulnerable to Broken Access Control in user editing functionality. Malicious attacker can send a GET request which allows privileged users to delete Super Admins which is not possible with GUI.

Only version 4.1 was tested and confirmed as vulnerable.
This issue was fixed in version 4.1 build 2250.

Vendor

Windu

Product

Windu Cms

CWE

CWE-863

Yayın Tarihi

2025-11-18 15:16:32

Güncelleme

2025-12-05 13:16:03

Source Identifier

cvd@cert.pl

KEV Date Added

Kategoriler

CWE-863 Windu Cms MEDIUM Windu 2025

Referanslar

https://cert.pl/posts/2025/11/CVE-2025-59110 https://windu.org

Benzer Kayıtlar

Medium

CVE-2025-59116

Windu CMS is vulnerable to User Enumeration. This issue occurs during logon, where a difference in messages could allow…

Medium

CVE-2025-59117

Windu CMS is vulnerable to multiple Stored Cross-Site Scripting (XSS) vulnerabilities in the page editing endpoint windu…

Medium

CVE-2025-59112

Windu CMS is vulnerable to Cross-Site Request Forgery in user editing functionality. Malicious attacker can craft specia…

Medium

CVE-2025-59113

Windu CMS implements weak client-side brute-force protection by using parameter loginError. Information about attempt co…

Medium

CVE-2025-59114

Windu CMS is vulnerable to Cross-Site Request Forgery in file uploading functionality. Malicious attacker can craft spec…

Medium

CVE-2025-59115

Windu CMS is vulnerable to Stored Cross-Site Scripting (XSS) in the logon page where input data has no proper validation…