216.73.216.86

CVE-2025-59110

· Published 18/11/2025 15:16 · Modified 05/12/2025 13:16

Labels: CVE-2025-59110 2025-11-18CVE-2025-59110CWE-352[email protected]

Essential information

Published
18/11/2025 15:16
Modified
05/12/2025 13:16
Author
Creator
CVSS
6.8 MEDIUM (v3) 6.8 MEDIUM (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

Windu CMS is vulnerable to Cross-Site Request Forgery in user editing functionality. Implemented CSRF protection mechanism can be bypassed by using CSRF token of other user. It is worth noting that the registration is open and anyone can create an account. Only version 4.1 was tested and confirmed as vulnerable. This issue was fixed in version 4.1 build 2250.

NVD status

Status
Modified — CVE has been amended by a source (CVE Primary CNA or another CNA). Analysis data supplied by the NVD may be no longer be accurate due to these changes.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
windu / windu cms cpe:2.3:a:windu:windu_cms:4.1:*:*:*:*:*:*:*

References