PT-2025-47314 · Windu Cms · Windu Cms

Karol Czubernat · Published 2025-11-18 · Updated 2025-12-05 · CVE-2025-59116

CVSS v4.0: 6.9 (Medium)

Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions

Windu CMS version 4.1

Windu CMS (affected versions not specified)

Description

Windu CMS is susceptible to User Enumeration. During the login process, differing response messages reveal whether a submitted login is valid, which can enable a brute-force attack that uses logins known to be valid. The vendor was informed of this issue but did not provide details regarding vulnerable versions. Testing confirmed version 4.1 as vulnerable, and other versions may also be affected.

Recommendations

Versions prior to version 4.1 should be considered vulnerable and investigated. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Related Identifiers

CVE-2025-59116

Affected Products

Windu Cms