CVE-2025-59110
Unknown
Unknown - Not Provided
BaseFortify
Vulnerability report for CVE-2025-59110, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.
Publication date: 2025-11-18
Last updated on: 2025-12-05
Assigner: CERT.PL
Description
Description
Windu CMS is vulnerable to Cross-Site Request Forgery in user editing functionality. Implemented CSRF protection mechanism can be bypassed by using CSRF token of other user. It is worth noting that the registration is open and anyone can create an account.
Only version 4.1 was tested and confirmed as vulnerable.
This issue was fixed in version 4.1 build 2250.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| windu | windu_cms | 4.1 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-352 | The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor. |