EUVD-2025-208827

CVE-2025-55040 | HIGH 8.8 (CVSS 3.1) | 2026-03-18 mitre

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline

Analysis Generated: Mar 18, 2026 - 16:15 (vuln.today)
EUVD ID Assigned: Mar 18, 2026 - 16:15 (euvd), EUVD-2025-208827
CVE Published: Mar 18, 2026 - 00:00 (nvd)

Description

The import form CSRF vulnerability in MuraCMS through 10.1.10 allows attackers to upload and install malicious form definitions through a CSRF attack. The vulnerable cForm.importform function lacks CSRF token validation, so a malicious website can forge a file upload request that installs attacker-controlled forms when an authenticated administrator visits a crafted webpage. Full exploitation requires the victim to select a malicious ZIP file containing form definitions; the exploit page can generate this file automatically, and the imported definitions can be used to create data collection forms that steal sensitive information. Successful exploitation could therefore result in the installation of malicious data collection forms on the target MuraCMS website: when an authenticated administrator visits the malicious webpage and selects the attacker-generated ZIP file, their browser uploads and installs form definitions that appear as legitimate forms but are designed with malicious content.

Analysis

MuraCMS versions through 10.1.10 contain a Cross-Site Request Forgery (CSRF) vulnerability in the cForm.importform function that lacks proper token validation, allowing attackers to deceive authenticated administrators into uploading and installing malicious form definitions. An attacker can craft a malicious webpage that, when visited by an authenticated MuraCMS administrator, automatically generates and submits a forged file upload request containing a ZIP archive with attacker-controlled form definitions. Successful exploitation results in the installation of data-harvesting forms on the target website that can steal sensitive user information collected through legitimate-appearing web forms. No active exploitation in the wild has been documented (KEV status unknown), and no formal CVSS score has been assigned, though the vulnerability requires user interaction (administrator must visit the malicious page) which moderates the overall risk profile.

Technical Context

The vulnerability exists in the cForm component of MuraCMS, a content management system used for building web applications and data collection portals. The root cause is classified as CSRF (Cross-Site Request Forgery) combined with improper file upload handling: the importform function fails to validate CSRF tokens before processing file uploads containing form definition packages. MuraCMS uses a form import mechanism that accepts ZIP files containing serialized form configuration data; this mechanism is exposed to CSRF because the endpoint implements neither token validation nor Origin/Referer checking of the incoming request. The affected product is identified as MuraCMS (vendor: Mura Software, though the CPE data in the intelligence feed shows generic placeholders rather than specific vendor/product identifiers), impacting versions up to and including 10.1.10. The vulnerability class falls under CWE-352 (Cross-Site Request Forgery) combined with insecure file upload practices.

Affected Products

MuraCMS versions up to and including 10.1.10 are affected by this vulnerability. The vendor, Mura Software, has confirmed the issue in their release notes and documentation (referenced at https://docs.murasoftware.com/v10/release-notes/#section-version-1014), which indicates that a fix has been incorporated in version 10.1.4 or a subsequent release. Organizations running MuraCMS 10.1.10 or earlier should verify their version against the patch status. The CPE data provided in the intelligence feed uses generic placeholders (cpe:2.3:a:n/a:n/a:*) rather than specific Mura Software identifiers, suggesting incomplete vendor registration in vulnerability databases; however, the Mura Software website (https://www.murasoftware.com) serves as the authoritative source for version and product information.

Remediation

Upgrade MuraCMS immediately to version 10.1.4 or later, as confirmed by the vendor release notes at https://docs.murasoftware.com/v10/release-notes/#section-version-1014. Until patching is completed, implement the following compensating controls: restrict administrative access to MuraCMS to trusted IP addresses via firewall or reverse proxy rules; educate administrators to avoid visiting untrusted websites while authenticated to MuraCMS and never to import form definition files from unknown sources; send an X-Frame-Options: DENY header (or the equivalent Content Security Policy frame-ancestors directive) to mitigate clickjacking attacks that could bundle the CSRF payload; enable CSRF token validation in the application configuration if it is available as a feature flag. Additionally, monitor form import logs for suspicious ZIP files containing unexpected form definitions, and audit the form library regularly for unauthorized additions.
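The fix the advisory describes is an import endpoint that refuses requests it cannot tie to the site itself. The following is an added illustration, not MuraCMS code: a hypothetical form-import handler that checks the request's Origin/Referer and a per-session synchronizer token before it will accept the uploaded ZIP package, run against two constructed requests (one forged from a foreign origin, one legitimate). The origin, field and file names are assumptions.

```python
import hmac
import secrets
from dataclasses import dataclass, field

# Hypothetical stand-in for a CMS form-import endpoint (not Mura's code).
# A cross-site page cannot read the admin's session token, so a forged
# multipart POST from another origin fails closed on both checks below.

SITE_ORIGIN = "https://cms.example.test"   # assumed deployment origin

@dataclass
class Session:
    user: str
    csrf_token: str = field(default_factory=lambda: secrets.token_urlsafe(32))

@dataclass
class Request:
    headers: dict          # HTTP request headers
    fields: dict           # form fields from the multipart body
    files: dict            # field name -> uploaded bytes

def _origin_ok(headers: dict) -> bool:
    """Accept only same-site requests; no Origin and no Referer fails closed."""
    origin = headers.get("Origin")
    if origin is not None:
        return origin == SITE_ORIGIN
    return headers.get("Referer", "").startswith(SITE_ORIGIN + "/")

def import_form(session: Session, req: Request) -> tuple[int, str]:
    """Return (status, message) for a form-import POST."""
    if not _origin_ok(req.headers):
        return 403, "cross-site request rejected (bad Origin/Referer)"
    sent = req.fields.get("csrf_token", "")
    # Constant-time compare so token checking leaks nothing via timing.
    if not hmac.compare_digest(sent, session.csrf_token):
        return 403, "cross-site request rejected (missing or invalid CSRF token)"
    upload = req.files.get("formfile")
    if not upload or not upload.startswith(b"PK\x03\x04"):
        return 400, "expected a ZIP form definition package"
    return 200, f"form package imported by {session.user}"

# Constructed sample requests: one forged by an attacker's page, one legitimate.
admin = Session(user="admin")
ZIP_STUB = b"PK\x03\x04" + b"\x00" * 26      # constructed: ZIP local-header magic only
forged = Request(headers={"Origin": "https://evil.example.test"},
                 fields={}, files={"formfile": ZIP_STUB})
legit = Request(headers={"Origin": SITE_ORIGIN},
                fields={"csrf_token": admin.csrf_token}, files={"formfile": ZIP_STUB})
```

`import_form(admin, forged)` returns a 403 and `import_form(admin, legit)` a 200; a same-origin request carrying a stale or guessed token is also refused.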

Priority Score: 44 (scale: Low / Medium / High / Critical)

KEV: 0
EPSS: +0.0
CVSS: +44
POC: 0

EUVD-2025-208827 vulnerability details – vuln.today