CVE-2025-55043

MuraCMS through 10.1.10 contains a CSRF vulnerability in the bundle creation functionality (csettings.cfc createBundle method) that allows unauthenticated attackers to force administrators to create and save site bundles containing sensitive data to publicly accessible directories. This vulnerability enables complete data exfiltration including user accounts, password hashes, form submissions, email lists, plugins, and site content without administrator knowledge. This CSRF vulnerability enables complete data exfiltration from MuraCMS installations without requiring authentication. Attackers can force administrators to unknowingly create site bundles containing sensitive data, which are saved to publicly accessible web directories. The attack executes silently, leaving administrators unaware that confidential information has been compromised and is available for unauthorized download.

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://docs.murasoftware.com/v10/release-notes/#section-version-1014	Release Notes
https://www.murasoftware.com	Product

Configurations

Configuration 1 (hide)

cpe:2.3:a:murasoftware:mura_cms:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2026-03-18 16:16

Updated : 2026-03-20 18:12

NVD link : CVE-2025-55043

Mitre link : CVE-2025-55043

CVE.ORG link : CVE-2025-55043

JSON object : View

Products Affected

murasoftware

mura_cms

CWE

CWE-352

Cross-Site Request Forgery (CSRF)

{"id": "CVE-2025-55043", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2026-03-18T16:16:23.427", "references": [{"url": "https://docs.murasoftware.com/v10/release-notes/#section-version-1014", "tags": ["Release Notes"], "source": "cve@mitre.org"}, {"url": "https://www.murasoftware.com", "tags": ["Product"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-352"}]}], "descriptions": [{"lang": "en", "value": "MuraCMS through 10.1.10 contains a CSRF vulnerability in the bundle creation functionality (csettings.cfc createBundle method) that allows unauthenticated attackers to force administrators to create and save site bundles containing sensitive data to publicly accessible directories. This vulnerability enables complete data exfiltration including user accounts, password hashes, form submissions, email lists, plugins, and site content without administrator knowledge. This CSRF vulnerability enables complete data exfiltration from MuraCMS installations without requiring authentication. Attackers can force administrators to unknowingly create site bundles containing sensitive data, which are saved to publicly accessible web directories. The attack executes silently, leaving administrators unaware that confidential information has been compromised and is available for unauthorized download."}, {"lang": "es", "value": "MuraCMS hasta la versi\u00f3n 10.1.10 contiene una vulnerabilidad CSRF en la funcionalidad de creaci\u00f3n de paquetes (m\u00e9todo createBundle de csettings.cfc) que permite a atacantes no autenticados forzar a los administradores a crear y guardar paquetes de sitio que contienen datos sensibles en directorios de acceso p\u00fablico. Esta vulnerabilidad permite la exfiltraci\u00f3n completa de datos, incluyendo cuentas de usuario, hashes de contrase\u00f1as, env\u00edos de formularios, listas de correo electr\u00f3nico, plugins y contenido del sitio, sin el conocimiento del administrador. Esta vulnerabilidad CSRF permite la exfiltraci\u00f3n completa de datos de instalaciones de MuraCMS sin requerir autenticaci\u00f3n. Los atacantes pueden forzar a los administradores a crear paquetes de sitio sin saberlo, que contienen datos sensibles, los cuales se guardan en directorios web de acceso p\u00fablico. El ataque se ejecuta silenciosamente, dejando a los administradores sin saber que la informaci\u00f3n confidencial ha sido comprometida y est\u00e1 disponible para descarga no autorizada."}], "lastModified": "2026-03-20T18:12:06.070", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:murasoftware:mura_cms:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CB4646EE-1255-4B42-890A-E0B57EBFE2CE"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}