Windu CMS is vulnerable to Cross-Site Request Forgery in file uploading functionality. Malicious attacker can craft special website, which when visited by the victim, will automatically send malicious file to the server.
Only version 4.1 was tested and confirmed as vulnerable.
This issue was fixed in version 4.1 build 2250.
References
| Link | Resource |
|---|---|
| https://cert.pl/posts/2025/11/CVE-2025-59110 | Third Party Advisory |
| https://windu.org | Product |
Configurations
History
05 Dec 2025, 13:16
| Type | Values Removed | Values Added |
|---|---|---|
| Summary | (en) Windu CMS is vulnerable to Cross-Site Request Forgery in file uploading functionality. Malicious attacker can craft special website, which when visited by the victim, will automatically send malicious file to the server. Only version 4.1 was tested and confirmed as vulnerable. This issue was fixed in version 4.1 build 2250. |
20 Nov 2025, 15:29
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://cert.pl/posts/2025/11/CVE-2025-59110 - Third Party Advisory | |
| References | () https://windu.org - Product | |
| CPE | cpe:2.3:a:windu:windu_cms:4.1:*:*:*:*:*:*:* | |
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.5 |
| First Time |
Windu
Windu windu Cms |
18 Nov 2025, 15:16
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2025-11-18 15:16
Updated : 2025-12-05 13:16
NVD link : CVE-2025-59114
Mitre link : CVE-2025-59114
CVE.ORG link : CVE-2025-59114
JSON object : View
Products Affected
windu
- windu_cms
CWE
CWE-352
Cross-Site Request Forgery (CSRF)