CSRF Vulnerability in MuraCMS Affects User Address Manipulation
CVE-2025-55045

7.1HIGH

Key Information:

Status
Vendor
CVE Published:
18 March 2026

What is CVE-2025-55045?

The MuraCMS platform up to version 10.1.10 is vulnerable to a Cross-Site Request Forgery (CSRF) attack, specifically affecting the cUsers.updateAddress function. This vulnerability arises from the absence of CSRF token validation, allowing malicious actors to send crafted requests to alter user address information when an authenticated administrator unknowingly visits a malicious webpage. Exploitation can lead to unauthorized additions, modifications, or deletions of user addresses, compromising the integrity of user data and disrupting organizational communications. Attackers may inject their contact details into legitimate user records, reroute essential messages, or erase valid data, further paving the way for potential social engineering tactics using the falsified information.

References

CVSS V3.1

Score:
7.1
Severity:
HIGH
Confidentiality:
Low
Integrity:
High
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.