CSRF Vulnerability in MuraCMS Product by Mura Software
CVE-2025-55044

8.8HIGH

Key Information:

Status
Vendor
CVE Published:
18 March 2026

What is CVE-2025-55044?

The Trash Restore CSRF vulnerability in MuraCMS prior to version 10.1.10 allows attackers to exploit the cTrash.restore function that lacks proper CSRF token validation. This flaw enables malicious actors to forge requests, restoring deleted content to unauthorized locations when an authenticated administrator accesses a crafted webpage. By manipulating the parentid parameter, attackers can reinstate previously deleted content, which could lead to sensitive documents being publicly accessible, the navigation structure of the website being altered, or risk reintroducing outdated or harmful materials that were intentionally removed to comply with security policies.

References

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.