CSRF Vulnerability in MuraCMS Affects Sensitive Data Management
CVE-2025-55043
6.5MEDIUM
What is CVE-2025-55043?
MuraCMS version 10.1.10 is susceptible to a Cross-Site Request Forgery (CSRF) vulnerability within its bundle creation functionality. This flaw allows unauthenticated attackers to manipulate administrators into creating and saving site bundles that contain sensitive information in publicly accessible directories. As a result, attackers can exfiltrate critical data, including user credentials, password hashes, email lists, and other valuable site content without the administrator's knowledge. This CSRF attack proceeds silently, putting confidential information at risk of unauthorized access and compromising overall data security.
