CVE-2025-55046 - Vulnerability Analysis
High | CVSS: 8.1 | Last Updated: March 19, 2026
MuraCMS - Cross Site Request Forgery
Published: March 18, 2026 | Updated: March 19, 2026 | Remote Exploitable
Overview
MuraCMS through 10.1.10 contains a cross-site request forgery (CSRF) vulnerability caused by missing CSRF token validation in the cTrash.empty function. An attacker can permanently delete all trashed content when an authenticated administrator visits a crafted webpage.
Severity & Score
Severity: High
CVSS Score: 8.1
Impact
Authenticated administrators can be tricked into permanently deleting all trashed content, causing catastrophic data loss.
Mitigation
Update to the latest version that includes CSRF token validation for the cTrash.empty function.
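To check whether the request described in the Overview has already reached a server, the following added example (not MuraCMS code and not part of the original advisory) scans access logs in Combined Log Format for requests naming cTrash.empty and classifies each by the origin of its Referer. The hostname cms.example.org, the /admin/?action= path shape and the sample log lines are constructed assumptions; only the function name comes from this page.

```python
import re
from urllib.parse import unquote, urlsplit

TRUSTED_HOSTS = {"cms.example.org"}  # assumption: your own admin hostname(s)

# Combined Log Format: ip - user [time] "METHOD uri proto" status bytes "referer" "ua"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "[A-Z]+ (?P<uri>\S+) [^"]*" '
    r'\d{3} \S+ "(?P<referer>[^"]*)"'
)

def classify(line, trusted=TRUSTED_HOSTS):
    """None for unrelated lines, else 'same-origin', 'cross-origin' or 'no-referer'."""
    m = LINE_RE.match(line)
    # unquote() so a percent-encoded "cTrash%2Eempty" is still recognised
    if not m or "ctrash.empty" not in unquote(m["uri"]).lower():
        return None
    referer = m["referer"]
    if referer in ("", "-"):
        return "no-referer"
    try:
        host = (urlsplit(referer).hostname or "").lower()
    except ValueError:  # malformed Referer: treat as untrusted
        host = ""
    return "same-origin" if host in trusted else "cross-origin"

def suspicious(lines, trusted=TRUSTED_HOSTS):
    """Return (time, ip, verdict, referer) for each cTrash.empty hit worth reviewing."""
    hits = []
    for line in lines:
        verdict = classify(line, trusted)
        if verdict in ("cross-origin", "no-referer"):
            m = LINE_RE.match(line)
            hits.append((m["time"], m["ip"], verdict, m["referer"]))
    return hits

# Constructed sample lines; the path and parameter name are placeholders.
SAMPLE = [
    '203.0.113.7 - - [19/Mar/2026:10:01:02 +0000] "POST /admin/?action=cTrash.empty HTTP/1.1" 200 512 "https://cms.example.org/admin/" "Mozilla/5.0"',
    '203.0.113.7 - - [19/Mar/2026:10:05:40 +0000] "POST /admin/?action=cTrash.empty HTTP/1.1" 200 512 "https://other.example.net/page.html" "Mozilla/5.0"',
    '203.0.113.7 - - [19/Mar/2026:10:06:00 +0000] "POST /admin/?action=cTrash%2Eempty HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [19/Mar/2026:10:07:00 +0000] "GET /index.cfm HTTP/1.1" 200 1024 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for hit in suspicious(SAMPLE):
        print(*hit, sep="  ")
```

A missing Referer is a weaker signal than a cross-origin one, because browsers and Referrer-Policy settings can strip the header from legitimate requests. Same-origin hits are expected administrator activity and are not reported.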
Details
- CVE ID: CVE-2025-55046
- Severity: High
- CVSS Score: 8.1
- Type: cross_site_request_forgery
- Status: unconfirmed
CWE
- CWE-352
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H