EUVD-2025-197998

ID: EUVD-2025-197998

Severity: medium

CVSS v4: 5.1 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N)

CVSS v3: Not provided

CWE: None listed

Source: ENISA

Description

Windu CMS is vulnerable to Cross-Site Request Forgery in file uploading functionality. Malicious attacker can craft special website, which when visited by the victim, will automatically send malicious file to the server. Only version 4.1 was tested and confirmed as vulnerable. This issue was fixed in version 4.1 build 2250.

Timestamps

Normalized: 2025-12-31T11:32:42Z UTC
Last updated: 2025-12-31T11:32:05Z UTC

References

No references provided.

VulnAI

EUVD-2025-197998

Description

Timestamps

References