ГлавнаяУязвимости → CVE-2025-59113
7.5высокая

CVE-2025-59113

Описание

Windu CMS implements weak client-side brute-force protection by using parameter loginError. Information about attempt count or timeout is not stored on the server, which allows a malicious attacker to bypass this brute-force protection by resetting this parameter. Only version 4.1 was tested and confirmed as vulnerable. This issue was fixed in version 4.1 build 2250.

Затрагиваемое ПО
Windu Windu cms
CVSS
Балл7.5 — высокая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Источники
https://cert.pl/posts/2025/11/CVE-2025-59110https://windu.org