CVE-2025-59112

Name of the Vulnerable Software and Affected Versions Windu CMS version 4.1 Windu CMS (affected versions not specified)

Description Windu CMS is susceptible to a Cross-Site Request Forgery (CSRF) issue within the user editing functionality. A malicious actor can create a specially crafted website that, when accessed by a victim, automatically submits a POST request to delete a specified user. The vendor was informed of this issue but did not provide details regarding vulnerable versions or a response.

Recommendations Apply a fix for Windu CMS version 4.1. Address the Cross-Site Request Forgery issue in all other potentially vulnerable versions of Windu CMS.