CVE-2025-55043

MEDIUM 6.5

CVSS Score

6.5

EPSS Score

0.0%

EPSS Percentile

0th

MuraCMS through 10.1.10 contains a CSRF vulnerability in the bundle creation functionality (csettings.cfc createBundle method) that allows unauthenticated attackers to force administrators to create and save site bundles containing sensitive data to publicly accessible directories. This vulnerability enables complete data exfiltration including user accounts, password hashes, form submissions, email lists, plugins, and site content without administrator knowledge. This CSRF vulnerability enables complete data exfiltration from MuraCMS installations without requiring authentication. Attackers can force administrators to unknowingly create site bundles containing sensitive data, which are saved to publicly accessible web directories. The attack executes silently, leaving administrators unaware that confidential information has been compromised and is available for unauthorized download.

Vendor	n/a
Product	n/a
Published	Mar 18, 2026
Last Updated	Mar 19, 2026

Stay Ahead of the Next One

Get instant alerts for n/a n/a

Be the first to know when new medium vulnerabilities affecting n/a n/a are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

n/a / n/a

n/a

References

NVD ↗ CVE.org ↗ EPSS Data ↗

murasoftware.com: https://www.murasoftware.com docs.murasoftware.com: https://docs.murasoftware.com/v10/release-notes/#section-version-1014