Windu CMS is vulnerable to User Enumeration. This issue occurs during logon, where a difference in messages could allow an attacker to determine if the login is valid or not, enabling a brute force attack with valid logins.
Only version 4.1 was tested and confirmed as vulnerable.
This issue was fixed in version 4.1 build 2250.
References
| Link | Resource |
|---|---|
| https://cert.pl/posts/2025/11/CVE-2025-59110 | Third Party Advisory |
| https://windu.org | Product |
Configurations
History
05 Dec 2025, 13:16
| Type | Values Removed | Values Added |
|---|---|---|
| Summary | (en) Windu CMS is vulnerable to User Enumeration. This issue occurs during logon, where a difference in messages could allow an attacker to determine if the login is valid or not, enabling a brute force attack with valid logins. Only version 4.1 was tested and confirmed as vulnerable. This issue was fixed in version 4.1 build 2250. |
20 Nov 2025, 15:16
| Type | Values Removed | Values Added |
|---|---|---|
| First Time |
Windu
Windu windu Cms |
|
| CPE | cpe:2.3:a:windu:windu_cms:4.1:*:*:*:*:*:*:* | |
| References | () https://cert.pl/posts/2025/11/CVE-2025-59110 - Third Party Advisory | |
| References | () https://windu.org - Product | |
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.3 |
18 Nov 2025, 15:16
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2025-11-18 15:16
Updated : 2025-12-05 13:16
NVD link : CVE-2025-59116
Mitre link : CVE-2025-59116
CVE.ORG link : CVE-2025-59116
JSON object : View
Products Affected
windu
- windu_cms
CWE
CWE-204
Observable Response Discrepancy