CVE-2025-59112

Medium CVSS: 5.1

Windu CMS is vulnerable to Cross-Site Request Forgery in user editing functionality. Malicious attacker can craft special website, which when visited by the victim, will automatically send POST request that deletes given user.

Only version 4.1 was tested and confirmed as vulnerable.
This issue was fixed in version 4.1 build 2250.

Vendor

Windu

Product

Windu Cms

CWE

CWE-352

Yayın Tarihi

2025-11-18 15:16:33

Güncelleme

2025-12-05 13:16:03

Source Identifier

cvd@cert.pl

KEV Date Added

Kategoriler

CWE-352 Windu Cms MEDIUM Windu 2025

Referanslar

https://cert.pl/posts/2025/11/CVE-2025-59110 https://windu.org

Benzer Kayıtlar

Medium

CVE-2025-59116

Windu CMS is vulnerable to User Enumeration. This issue occurs during logon, where a difference in messages could allow…

Medium

CVE-2025-59117

Windu CMS is vulnerable to multiple Stored Cross-Site Scripting (XSS) vulnerabilities in the page editing endpoint windu…

Medium

CVE-2025-59113

Windu CMS implements weak client-side brute-force protection by using parameter loginError. Information about attempt co…

Medium

CVE-2025-59114

Windu CMS is vulnerable to Cross-Site Request Forgery in file uploading functionality. Malicious attacker can craft spec…

Medium

CVE-2025-59115

Windu CMS is vulnerable to Stored Cross-Site Scripting (XSS) in the logon page where input data has no proper validation…

Medium

CVE-2025-59110

Windu CMS is vulnerable to Cross-Site Request Forgery in user editing functionality. Implemented CSRF protection mechani…