CSRF Vulnerability in MuraCMS Affects Sensitive Data Management
CVE-2025-55043

6.5MEDIUM

Key Information:

Status
Vendor
CVE Published:
18 March 2026

What is CVE-2025-55043?

MuraCMS version 10.1.10 is susceptible to a Cross-Site Request Forgery (CSRF) vulnerability within its bundle creation functionality. This flaw allows unauthenticated attackers to manipulate administrators into creating and saving site bundles that contain sensitive information in publicly accessible directories. As a result, attackers can exfiltrate critical data, including user credentials, password hashes, email lists, and other valuable site content without the administrator's knowledge. This CSRF attack proceeds silently, putting confidential information at risk of unauthorized access and compromising overall data security.

References

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.