Cross-Site Request Forgery Vulnerability in Windu CMS by Windu
CVE-2025-59112

5.1 MEDIUM

Key Information:

Vendor

Jcd

Status
Vendor
CVE Published: 18 November 2025

What is CVE-2025-59112?

Windu CMS exposes its user editing functionality to Cross-Site Request Forgery (CSRF) attacks. An attacker can build a specially crafted website that sends unauthorized POST requests on behalf of a user who visits it. This could result in actions such as user deletion being executed without the user's consent. Version 4.1 has been confirmed vulnerable; the vendor has not provided information about other potentially affected versions, so other releases remain unassessed.

Affected Version(s)

Windu CMS 4.1

CVSS V4

Score: 5.1
Severity: MEDIUM
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Karol Czubernat