CVE-2025-55043: n/a
CVE-2025-55043 is a Cross-Site Request Forgery (CSRF) vulnerability in MuraCMS versions through 10.1.10 affecting the bundle creation functionality. It allows unauthenticated attackers to trick administrators into creating site bundles containing sensitive data, which are saved to publicly accessible directories. This enables attackers to exfiltrate critical information such as user accounts, password hashes, form submissions, email lists, plugins, and site content without the administrator's knowledge. The attack requires user interaction (administrator visiting a malicious link) but no authentication by the attacker. The vulnerability has a CVSS score of 6.5 (medium severity) and does not impact integrity or availability but results in high confidentiality loss. No known exploits are currently reported in the wild. Organizations using vulnerable MuraCMS versions should implement strict CSRF protections, restrict access to bundle files, and monitor for suspicious bundle creation activity.
AI Analysis
Technical Summary
CVE-2025-55043 is a CSRF vulnerability identified in MuraCMS, a popular content management system, affecting versions up to 10.1.10. The flaw resides in the createBundle method within the csettings.cfc component responsible for generating site bundles. An attacker can craft a malicious request that, when an authenticated administrator unknowingly executes (e.g., by clicking a link), forces the CMS to create and save a site bundle containing sensitive data. These bundles include user credentials, password hashes, form data, email lists, plugins, and other site content. Because the bundles are stored in publicly accessible web directories, attackers can download them directly without authentication. The vulnerability requires no privileges or authentication from the attacker and exploits the lack of CSRF protections on the bundle creation endpoint. The attack is silent, leaving administrators unaware of the data compromise. The CVSS vector indicates network attack vector, low attack complexity, no privileges required, but requires user interaction, with high confidentiality impact and no integrity or availability impact. Although no public exploits are known, the vulnerability poses a significant risk due to the sensitive nature of the exposed data and the ease of exploitation through social engineering. The vulnerability is classified under CWE-352 (Cross-Site Request Forgery).
Potential Impact
This vulnerability can lead to complete data exfiltration from affected MuraCMS installations, exposing highly sensitive information such as user accounts, password hashes, and private site content. Organizations relying on MuraCMS for website management risk severe confidentiality breaches that could facilitate further attacks, including credential stuffing, phishing, or targeted exploitation using stolen data. Since the attack does not require attacker authentication and can be executed remotely via social engineering, the threat surface is broad. The silent nature of the attack means administrators may remain unaware of the breach, delaying detection and response. This can result in prolonged exposure and increased damage. The vulnerability does not affect system integrity or availability directly but compromises trust and confidentiality, potentially leading to reputational damage, regulatory penalties, and loss of customer trust.
Mitigation Recommendations
1. Implement robust anti-CSRF tokens on all state-changing endpoints, especially the bundle creation functionality, to ensure requests originate from legitimate sources.
2. Restrict access permissions on directories where bundles are stored to prevent public access; consider moving bundle storage outside the web root or applying strict access controls via web server configuration.
3. Monitor logs and audit trails for unusual bundle creation activity or access patterns indicative of exploitation attempts.
4. Educate administrators about phishing and social engineering risks to reduce the likelihood of clicking malicious links.
5. Apply the principle of least privilege for administrator accounts and consider multi-factor authentication to reduce risk from compromised credentials.
6. Regularly update MuraCMS to the latest versions once patches addressing this vulnerability are released.
7. Employ web application firewalls (WAFs) to detect and block suspicious CSRF attack patterns targeting the bundle creation endpoint.
8. Conduct security assessments and penetration testing focused on CSRF and sensitive data exposure vectors within the CMS environment.
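Recommendation 3 as a log check, added here as an illustration and not taken from MuraCMS or from this advisory's source: it flags bundle-creation requests whose Referer is missing or foreign, then any download from the bundle directory by a different client shortly afterwards. The log lines, host names, admin URL shape and `/bundles/` path are constructed assumptions; only the `createBundle` name comes from the advisory.

```python
import re
from datetime import datetime, timedelta
from urllib.parse import urlsplit

TRUSTED_HOSTS = {"cms.example.org"}  # assumption: the site's own admin origin
BUNDLE_DIR = "/bundles/"             # placeholder: set to your real bundle directory
WINDOW = timedelta(hours=1)          # how long after creation a fetch stays suspicious
LINE = re.compile(r'(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) \S+ "([^"]*)"')

# Constructed sample lines (combined log format); every value below is invented.
SAMPLE_LOG = '''\
198.51.100.7 - - [10/Mar/2026:09:00:01 +0000] "GET /admin/?action=createBundle HTTP/1.1" 200 512 "https://cms.example.org/admin/" "Mozilla/5.0"
198.51.100.7 - - [10/Mar/2026:14:12:40 +0000] "GET /admin/?action=createBundle HTTP/1.1" 200 512 "https://lure.example.net/page.html" "Mozilla/5.0"
203.0.113.50 - - [10/Mar/2026:14:13:05 +0000] "GET /bundles/site_bundle.zip HTTP/1.1" 200 8812345 "-" "curl/8.5.0"
198.51.100.7 - - [10/Mar/2026:14:20:00 +0000] "GET /index.cfm HTTP/1.1" 200 4096 "-" "Mozilla/5.0"
'''

def parse(line):
    """Return (ip, time, path, status, referer) or None for unparseable lines."""
    m = LINE.match(line)
    if not m:
        return None
    ip, ts, _method, path, status, referer = m.groups()
    when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
    return ip, when, path, int(status), referer

def find_suspicious(log_text):
    findings, creations = [], []
    for ip, when, path, status, referer in filter(None, map(parse, log_text.splitlines())):
        resource = path.split("?", 1)[0]
        if "createbundle" in path.lower():
            creations.append((ip, when))
            # A missing ("-") or foreign Referer on a state-changing admin request
            # is the CSRF signal; a missing one is a triage hint, not proof.
            if urlsplit(referer).hostname not in TRUSTED_HOSTS:
                findings.append(("cross-origin-create", ip, when.isoformat(), referer))
        elif resource.startswith(BUNDLE_DIR) and resource.lower().endswith(".zip") and status == 200:
            # Bundle served to a client other than the admin who triggered creation.
            for admin_ip, created in creations:
                if ip != admin_ip and timedelta(0) <= when - created <= WINDOW:
                    findings.append(("bundle-fetch", ip, when.isoformat(), path))
                    break
    return findings

if __name__ == "__main__":
    for finding in find_suspicious(SAMPLE_LOG):
        print(finding)
```

Any `bundle-fetch` finding means a bundle was actually served from the web root, so treat the credentials and data it contained as exposed.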
Affected Countries
United States, Germany, United Kingdom, Canada, Australia, Netherlands, France, India, Brazil, Japan
Technical Details
- Data Version: 5.2
- Assigner Short Name: mitre
- Date Reserved: 2025-08-06T00:00:00.000Z
- Cvss Version: null
- State: PUBLISHED
Threat ID: 69bacf27771bdb1749ad8325
Added to database: 3/18/2026, 4:13:27 PM
Last enriched: 3/26/2026, 1:19:48 AM
Last updated: 5/3/2026, 9:00:52 AM