CVE-2025-55043 in MuraCMS정보

요약

\~에 의해 MITRE • 2026. 03. 18.

MuraCMS through 10.1.10 contains a CSRF vulnerability in the bundle creation functionality (csettings.cfc createBundle method) that allows unauthenticated attackers to force administrators to create and save site bundles containing sensitive data to publicly accessible directories. This vulnerability enables complete data exfiltration including user accounts, password hashes, form submissions, email lists, plugins, and site content without administrator knowledge. This CSRF vulnerability enables complete data exfiltration from MuraCMS installations without requiring authentication. Attackers can force administrators to unknowingly create site bundles containing sensitive data, which are saved to publicly accessible web directories. The attack executes silently, leaving administrators unaware that confidential information has been compromised and is available for unauthorized download.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

책임이 있는

MITRE

예약하다

2025. 08. 06.

모더레이션

수락

항목

VDB-351553

EPSS

0.00039

KEV

아니요

활동

매우 낮음

출처

MITREhttps://www.cve.org/CVERecord?id=CVE-2025-55043
NVDhttps://nvd.nist.gov/vuln/detail/CVE-2025-55043
CVE Detailshttps://www.cvedetails.com/cve/CVE-2025-55043/

이전개요다음

Want to know what is going to be exploited?

We predict KEV entries!