CVE-2025-59113

Name of the Vulnerable Software and Affected Versions Windu CMS version 4.1 Windu CMS (affected versions not specified)

Description Windu CMS has a weak client-side brute-force protection mechanism. The system utilizes the loginError parameter, but does not store attempt counts or timeouts server-side. This allows an attacker to bypass the brute-force protection by resetting the loginError parameter. The vendor was notified of this issue but did not provide details regarding vulnerable versions.

Recommendations Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, consider disabling the login functionality until a patch is available.