PT-2026-26083 · Mura Cms · Mura Cms

Published: 2026-03-18 · Updated: 2026-03-18 · CVE-2025-55045

CVSS v3.1: 7.1 (High)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N

Name of the Vulnerable Software and Affected Versions: MuraCMS versions through 10.1.10

Description: A Cross-Site Request Forgery (CSRF) issue exists in MuraCMS through version 10.1.10, allowing attackers to manipulate user address information. The cUsers.updateAddress function does not validate CSRF tokens, enabling malicious websites to forge requests. Successful exploitation allows adding, modifying, or deleting user addresses when an authenticated administrator visits a crafted webpage. This can lead to misdirected sensitive communications, compromise of user privacy, disruption of business correspondence, and potential social engineering attacks.

Recommendations: Update MuraCMS to a version later than 10.1.10.

Fix

CSRF

Weakness Enumeration

Related Identifiers: CVE-2025-55045

Affected Products: Mura Cms