CSRF Vulnerability in MuraCMS Product by Mura Software
CVE-2025-55044
8.8HIGH
What is CVE-2025-55044?
The Trash Restore CSRF vulnerability in MuraCMS prior to version 10.1.10 allows attackers to exploit the cTrash.restore function that lacks proper CSRF token validation. This flaw enables malicious actors to forge requests, restoring deleted content to unauthorized locations when an authenticated administrator accesses a crafted webpage. By manipulating the parentid parameter, attackers can reinstate previously deleted content, which could lead to sensitive documents being publicly accessible, the navigation structure of the website being altered, or risk reintroducing outdated or harmful materials that were intentionally removed to comply with security policies.
