216.73.217.126

CVE-2025-59111

· Published 18/11/2025 15:16 · Modified 05/12/2025 13:16

Labels: CVE-2025-59111 2025-11-18CVE-2025-59111CWE-863[email protected]

Essential information

Published
18/11/2025 15:16
Modified
05/12/2025 13:16
Author
Creator
CVSS
6.9 MEDIUM (v3) 6.9 MEDIUM (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

Windu CMS is vulnerable to Broken Access Control in user editing functionality. Malicious attacker can send a GET request which allows privileged users to delete Super Admins which is not possible with GUI. Only version 4.1 was tested and confirmed as vulnerable. This issue was fixed in version 4.1 build 2250.

NVD status

Status
Modified — CVE has been amended by a source (CVE Primary CNA or another CNA). Analysis data supplied by the NVD may be no longer be accurate due to these changes.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
windu / windu cms cpe:2.3:a:windu:windu_cms:4.1:*:*:*:*:*:*:*

References