← volver
CVE-2025-59110

Cross-Site Request Forgery in Windu CMS

CVSS 6.8 MEDIUMEPSS 0.1%CWE-352
Vexday Risk Score
13Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 6.8EPSS 0.1%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
18 nov 2025Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
Windu CMS is vulnerable to Cross-Site Request Forgery in user editing functionality. Implemented CSRF protection mechanism can be bypassed by using CSRF token of other user. It is worth noting that the registration is open and anyone can create an account. Only version 4.1 was tested and confirmed as vulnerable. This issue was fixed in version 4.1 build 2250.
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
Productos afectados
JCD · Windu CMS

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://cert.pl/posts/2025/11/CVE-2025-59110https://windu.org/