CSRF Vulnerability in MuraCMS Affects User Address Manipulation
CVE-2025-55045
What is CVE-2025-55045?
The MuraCMS platform up to version 10.1.10 is vulnerable to a Cross-Site Request Forgery (CSRF) attack, specifically affecting the cUsers.updateAddress function. This vulnerability arises from the absence of CSRF token validation, allowing malicious actors to send crafted requests to alter user address information when an authenticated administrator unknowingly visits a malicious webpage. Exploitation can lead to unauthorized additions, modifications, or deletions of user addresses, compromising the integrity of user data and disrupting organizational communications. Attackers may inject their contact details into legitimate user records, reroute essential messages, or erase valid data, further paving the way for potential social engineering tactics using the falsified information.
