CVE-2025-59114

MEDIUM

Windu Cms - CSRF

Title source: rule

Description

Windu CMS is vulnerable to Cross-Site Request Forgery in file uploading functionality. Malicious attacker can craft special website, which when visited by the victim, will automatically send malicious file to the server. Only version 4.1 was tested and confirmed as vulnerable. This issue was fixed in version 4.1 build 2250.

References (2)

[Third Party Advisory] https://cert.pl/posts/2025/11/CVE-2025-59110

[Product] https://windu.org

Scores

CVSS v3 6.5

EPSS 0.0002

EPSS Percentile 4.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Classification

CWE

CWE-352

Status published

Affected Products (1)

windu/windu_cms

Timeline

Published Nov 18, 2025

Tracked Since Feb 18, 2026