216.73.216.170

CVE-2025-59113

· Published 18/11/2025 15:16 · Modified 05/12/2025 13:16

Labels: CVE-2025-59113 2025-11-18CVE-2025-59113CWE-307[email protected]

Essential information

Published
18/11/2025 15:16
Modified
05/12/2025 13:16
Author
Creator
CVSS
6.9 MEDIUM (v3) 6.9 MEDIUM (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

Windu CMS implements weak client-side brute-force protection by using parameter loginError. Information about attempt count or timeout is not stored on the server, which allows a malicious attacker to bypass this brute-force protection by resetting this parameter. Only version 4.1 was tested and confirmed as vulnerable. This issue was fixed in version 4.1 build 2250.

NVD status

Status
Modified — CVE has been amended by a source (CVE Primary CNA or another CNA). Analysis data supplied by the NVD may be no longer be accurate due to these changes.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
windu / windu cms cpe:2.3:a:windu:windu_cms:4.1:*:*:*:*:*:*:*

References