PT-2025-47308 · Windu Cms · Windu Cms

Karol Czubernat · Published 2025-11-18 · Updated 2025-12-05 · CVE-2025-59110

CVSS v4.0: 6.8 (Medium)

Vector: AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions

Windu CMS version 4.1
Windu CMS (affected versions not specified)

Description

Windu CMS has a flaw that allows attackers to perform Cross-Site Request Forgery (CSRF) attacks in the user editing functionality. The existing CSRF protection can be circumvented by utilizing the CSRF token from another user. Registration is open to anyone, allowing for easy account creation.

Recommendations

Apply a fix for Windu CMS version 4.1. Implement a robust CSRF protection mechanism that prevents the use of CSRF tokens from other users.
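
One way to implement the second recommendation, as an added example (not Windu CMS code and not from the advisory's author): the token carries an HMAC computed over the session identifier, so a token issued to one account fails verification in any other session. The function names, the token layout and the one-hour lifetime are assumptions.

```php
<?php
declare(strict_types=1);

// Hypothetical helper names; this is an illustration, not Windu CMS code.
const TOKEN_TTL = 3600; // assumed token lifetime in seconds

// Mint a token whose MAC covers the session it was issued to.
function issueToken(string $key, string $sessionId, int $now): string
{
    $nonce = bin2hex(random_bytes(16));
    $mac = hash_hmac('sha256', "$sessionId|$nonce|$now", $key);
    return "$nonce.$now.$mac";
}

// Accept a token only if it was minted for the session presenting it.
function verifyToken(string $key, string $sessionId, string $token, int $now): bool
{
    $parts = explode('.', $token);
    if (count($parts) !== 3) {
        return false;
    }
    [$nonce, $issued, $mac] = $parts;
    if (preg_match('/^\d{1,12}$/', $issued) !== 1) {
        return false;
    }
    $age = $now - (int) $issued;
    if ($age < 0 || $age > TOKEN_TTL) {
        return false; // issued in the future or expired
    }
    // The MAC is recomputed with the caller's own session id, so a token
    // obtained from a different account never matches.
    $expected = hash_hmac('sha256', "$sessionId|$nonce|$issued", $key);
    return hash_equals($expected, $mac); // constant-time comparison
}

// Constructed sample data: a per-run secret and two made-up session ids.
$key = random_bytes(32); // a real deployment loads a fixed server-side secret
$now = time();
$sessionA = 'sess-a-constructed';
$sessionB = 'sess-b-constructed';
$tokenA = issueToken($key, $sessionA, $now);
$tokenB = issueToken($key, $sessionB, $now);

var_dump(verifyToken($key, $sessionA, $tokenA, $now));                 // own token
var_dump(verifyToken($key, $sessionA, $tokenB, $now));                 // token from another session
var_dump(verifyToken($key, $sessionA, $tokenA, $now + TOKEN_TTL + 1)); // own token, past its lifetime
```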

Fix

CSRF

Weakness Enumeration

Related Identifiers

CVE-2025-59110

Affected Products

Windu Cms