CVE-2025-55044 - Vulnerability Analysis
HighCVSS: 8.8Last Updated: March 19, 2026
MuraCMS - Cross Site Request Forgery
Published: March 18, 2026Updated: March 19, 2026Remote Exploitable
Overview
MuraCMS through 10.1.10 contains a cross site request forgery caused by lack of CSRF token validation in cTrash.restore function, letting attackers restore deleted content to unauthorized locations via forged requests when an authenticated administrator visits a malicious webpage.
Severity & Score
Severity: High
CVSS Score: 8.8
Impact
Attackers can restore deleted content to unauthorized locations, potentially leading to content manipulation or exposure of sensitive information.
Mitigation
Update to the latest version beyond 10.1.10 that includes CSRF protections.
References
Related Resources
Details
- CVE ID
- CVE-2025-55044
- Severity
- High
- CVSS Score
- 8.8
- Type
- cross_site_request_forgery
- Status
- unconfirmed
CWE
- CWE-352
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H