CSRF Vulnerability in MuraCMS Product Affecting Bluebird Solutions
CVE-2025-55040

8.8HIGH

Key Information:

Status
Vendor
CVE Published:
18 March 2026

What is CVE-2025-55040?

A CSRF vulnerability in MuraCMS 10.1.10 allows attackers to exploit the cForm.importform function to upload malicious form definitions. By leveraging the lack of CSRF token validation, attackers can forge requests to install these forms on systems visited by authenticated administrators. When the administrator unknowingly accesses a crafted webpage and uploads a ZIP file containing the attacker's form definitions, this can lead to the installation of malicious data collection forms designed to harvest sensitive user information. Organizations using MuraCMS should prioritize securing their installations against such vulnerabilities to prevent unauthorized access and data breaches.

References

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.