CSRF Vulnerability in MuraCMS by Mura Software
CVE-2025-55046
8.1HIGH
What is CVE-2025-55046?
MuraCMS versions up to 10.1.10 are susceptible to a serious CSRF vulnerability in the cTrash.empty function. This flaw permits malicious actors to craft deceptive requests, leading to the irreversible deletion of all content in the trash system. When an authenticated administrator unwittingly visits a compromised webpage, their browser can execute hidden requests that clear out the trash without any user prompts or validation, resulting in significant data loss and disruption within the MuraCMS environment.
