CVE-2025-59111
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-11-18

Last updated on: 2025-12-05

Assigner: CERT.PL

Description
Windu CMS is vulnerable to Broken Access Control in user editing functionality. Malicious attacker can send a GET request which allows privileged users to delete Super Admins which is not possible with GUI. Only version 4.1 was tested and confirmed as vulnerable. This issue was fixed in version 4.1 build 2250.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-11-18
Last Modified
2025-12-05
Generated
2026-06-16
AI Q&A
2025-11-18
EPSS Evaluated
2026-06-14
NVD
CVE-2025-59111
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
windu windu_cms 4.1
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-863 The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability in Windu CMS involves Broken Access Control in the user editing functionality. A malicious attacker can send a specially crafted GET request that allows privileged users to delete Super Admin accounts, an action that is not possible through the normal graphical user interface (GUI).

Impact Analysis

The vulnerability can allow attackers with some level of privilege to delete Super Admin accounts, potentially leading to loss of critical administrative control over the CMS. This could result in unauthorized changes, disruption of services, or further exploitation of the system.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-59111. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart