PT-2026-26081 · Mura Cms · Mura Cms

Published 2026-03-18 · Updated 2026-03-18 · CVE-2025-55043

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions

MuraCMS versions through 10.1.10

Description

MuraCMS installations are susceptible to a Cross-Site Request Forgery (CSRF) issue in the bundle creation functionality, specifically the createBundle method of csettings.cfc. This allows unauthenticated attackers to compel administrators to generate site bundles containing sensitive data and store them in publicly accessible directories. The exposed data includes user accounts, password hashes, form submissions, email lists, plugins, and site content. The attack operates without the administrator's knowledge, enabling complete data exfiltration.

Recommendations

Versions prior to 10.1.10 should be updated.

Fix

CSRF

Weakness Enumeration

Related Identifiers

CVE-2025-55043

Affected Products

Mura Cms