CVE-2025-55040 - Vulnerability Analysis
High | CVSS: 8.8 | Last Updated: March 18, 2026
MuraCMS - Cross Site Request Forgery
Overview
MuraCMS through 10.1.10 contains a cross-site request forgery (CSRF) vulnerability caused by missing CSRF token validation in cForm.importform, which lets attackers upload malicious form definitions through the interaction of an authenticated administrator.
Impact
Authenticated administrators can be tricked into installing malicious forms that steal sensitive user information.
Mitigation
Update to the latest version beyond 10.1.10.
Social Media Activity (2 posts)
CVE-2025-55040 - High (8.8) The import form CSRF vulnerability in MuraCMS through 10.1.10 allows attackers to upload and install malicious form definitions through a CSRF attack. The vulnerable cForm.importform function lacks CSRF token validation, enabling malicious website... https://www.thehackerwire.com/vulnerability/CVE-2025-55040/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
Details
- CVE ID: CVE-2025-55040
- Severity: High
- CVSS Score: 8.8
- Type: cross_site_request_forgery
- Status: new
- EPSS: 0.0%
- Social Posts: 2
CWE
- CWE-352
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H