CSRF Vulnerability in MuraCMS by Mura Software
CVE-2025-55046

8.1HIGH

Key Information:

Status
Vendor
CVE Published:
18 March 2026

What is CVE-2025-55046?

MuraCMS versions up to 10.1.10 are susceptible to a serious CSRF vulnerability in the cTrash.empty function. This flaw permits malicious actors to craft deceptive requests, leading to the irreversible deletion of all content in the trash system. When an authenticated administrator unwittingly visits a compromised webpage, their browser can execute hidden requests that clear out the trash without any user prompts or validation, resulting in significant data loss and disruption within the MuraCMS environment.

References

CVSS V3.1

Score:
8.1
Severity:
HIGH
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.