CVE-2025-59116

Medium CVSS: 6.9

Windu CMS is vulnerable to User Enumeration. This issue occurs during logon, where a difference in messages could allow an attacker to determine if the login is valid or not, enabling a brute force attack with valid logins.

Only version 4.1 was tested and confirmed as vulnerable.
This issue was fixed in version 4.1 build 2250.

Vendor

Windu

Product

Windu Cms

CWE

CWE-204

Yayın Tarihi

2025-11-18 15:16:34

Güncelleme

2025-12-05 13:16:04

Source Identifier

cvd@cert.pl

KEV Date Added

Kategoriler

CWE-204 Windu Cms MEDIUM Windu 2025

Referanslar

https://cert.pl/posts/2025/11/CVE-2025-59110 https://windu.org

Benzer Kayıtlar

Medium

CVE-2025-59117

Windu CMS is vulnerable to multiple Stored Cross-Site Scripting (XSS) vulnerabilities in the page editing endpoint windu…

Medium

CVE-2025-59112

Windu CMS is vulnerable to Cross-Site Request Forgery in user editing functionality. Malicious attacker can craft specia…

Medium

CVE-2025-59113

Windu CMS implements weak client-side brute-force protection by using parameter loginError. Information about attempt co…

Medium

CVE-2025-59114

Windu CMS is vulnerable to Cross-Site Request Forgery in file uploading functionality. Malicious attacker can craft spec…

Medium

CVE-2025-59115

Windu CMS is vulnerable to Stored Cross-Site Scripting (XSS) in the logon page where input data has no proper validation…

Medium

CVE-2025-59110

Windu CMS is vulnerable to Cross-Site Request Forgery in user editing functionality. Implemented CSRF protection mechani…