Windu CMS Vulnerable to Cross-Site Request Forgery in File Uploads
CVE-2025-59114

5.1 MEDIUM

Key Information:

Vendor: Jcd

Status
Vendor
CVE Published: 18 November 2025

What is CVE-2025-59114?

Windu CMS is vulnerable to Cross-Site Request Forgery (CSRF) in its file upload functionality. An attacker can create a malicious website that, when visited by the target user, causes unauthorized file uploads to be sent to the server without the victim's consent. The vendor has been informed of this vulnerability, but has not communicated anything about a patch or the range of affected versions. Only version 4.1 was tested and confirmed vulnerable; other versions may also be affected. This lack of transparency raises concerns about user safety and data integrity for those using Windu CMS.

Affected Version(s)

Windu CMS 4.1

CVSS V4

Score: 5.1
Severity: MEDIUM
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Karol Czubernat