FKIE_CVE-2025-55043
Vulnerability from fkie_nvd - Published: 2026-03-18 16:16 - Updated: 2026-03-20 18:12
Severity
Summary
MuraCMS through 10.1.10 contains a CSRF vulnerability in the bundle creation functionality (the createBundle method of csettings.cfc). An unauthenticated attacker can force a logged-in administrator to create and save a site bundle containing sensitive data to a publicly accessible web directory. Because the bundle includes user accounts, password hashes, form submissions, email lists, plugins, and site content, the flaw enables complete data exfiltration from a MuraCMS installation without requiring authentication. The attack executes silently, leaving administrators unaware that confidential information has been written to a public location and is available for unauthorized download.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| murasoftware | mura_cms | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:murasoftware:mura_cms:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CB4646EE-1255-4B42-890A-E0B57EBFE2CE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "MuraCMS through 10.1.10 contains a CSRF vulnerability in the bundle creation functionality (csettings.cfc createBundle method) that allows unauthenticated attackers to force administrators to create and save site bundles containing sensitive data to publicly accessible directories. This vulnerability enables complete data exfiltration including user accounts, password hashes, form submissions, email lists, plugins, and site content without administrator knowledge. This CSRF vulnerability enables complete data exfiltration from MuraCMS installations without requiring authentication. Attackers can force administrators to unknowingly create site bundles containing sensitive data, which are saved to publicly accessible web directories. The attack executes silently, leaving administrators unaware that confidential information has been compromised and is available for unauthorized download."
},
{
"lang": "es",
"value": "MuraCMS hasta la versi\u00f3n 10.1.10 contiene una vulnerabilidad CSRF en la funcionalidad de creaci\u00f3n de paquetes (m\u00e9todo createBundle de csettings.cfc) que permite a atacantes no autenticados forzar a los administradores a crear y guardar paquetes de sitio que contienen datos sensibles en directorios de acceso p\u00fablico. Esta vulnerabilidad permite la exfiltraci\u00f3n completa de datos, incluyendo cuentas de usuario, hashes de contrase\u00f1as, env\u00edos de formularios, listas de correo electr\u00f3nico, plugins y contenido del sitio, sin el conocimiento del administrador. Esta vulnerabilidad CSRF permite la exfiltraci\u00f3n completa de datos de instalaciones de MuraCMS sin requerir autenticaci\u00f3n. Los atacantes pueden forzar a los administradores a crear paquetes de sitio sin saberlo, que contienen datos sensibles, los cuales se guardan en directorios web de acceso p\u00fablico. El ataque se ejecuta silenciosamente, dejando a los administradores sin saber que la informaci\u00f3n confidencial ha sido comprometida y est\u00e1 disponible para descarga no autorizada."
}
],
"id": "CVE-2025-55043",
"lastModified": "2026-03-20T18:12:06.070",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2026-03-18T16:16:23.427",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Release Notes"
],
"url": "https://docs.murasoftware.com/v10/release-notes/#section-version-1014"
},
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://www.murasoftware.com"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.