CVE-2025-55040
Published: 18 March 2026
Summary
CVE-2025-55040 is a high-severity CSRF (CWE-352) vulnerability in Murasoftware Mura CMS. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Drive-by Compromise (T1189). The CVE ranks at the 0.6th percentile for exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SC-23 (Session Authenticity) and SI-2 (Flaw Remediation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
SC-23 mandates mechanisms like CSRF tokens to protect session authenticity, directly addressing the lack of token validation in the cForm.importform function that enables forged file upload requests.
SI-2 requires timely flaw remediation, directly mitigating CVE-2025-55040 by applying the patch provided in MuraCMS version 10.1.4.
SI-10 enforces information input validation at the importform function, preventing forged requests by validating CSRF tokens and ZIP file contents.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
CSRF on the file upload function directly enables drive-by compromise: a malicious webpage forges an authenticated upload of attacker-controlled content.
NVD Description
The import form CSRF vulnerability in MuraCMS through 10.1.10 allows attackers to upload and install malicious form definitions through a CSRF attack. The vulnerable cForm.importform function lacks CSRF token validation, enabling malicious websites to forge file upload requests that install attacker-controlled forms when an authenticated administrator visits a crafted webpage. Full exploitation of this vulnerability would require the victim to select a malicious ZIP file containing form definitions, which can be automatically generated by the exploit page and used to create data collection forms that steal sensitive information. Successful exploitation of the import form CSRF vulnerability could result in the installation of malicious data collection forms on the target MuraCMS website that can steal sensitive user information. When an authenticated administrator visits a malicious webpage containing the CSRF exploit and selects the attacker-generated ZIP file, their browser uploads and installs form definitions that create legitimate forms that could be designed with malicious content.
Deeper analysis
CVE-2025-55040 is a cross-site request forgery (CSRF) vulnerability, classified under CWE-352, affecting MuraCMS through version 10.1.10. The issue resides in the cForm.importform function, which lacks CSRF token validation. This allows attackers to forge file upload requests from malicious websites, enabling the upload and installation of malicious form definitions when processed by the application.
The vulnerability can be exploited by unauthenticated attackers (PR:N) targeting authenticated administrators. In an attack scenario, the victim visits a crafted malicious webpage that automatically generates a ZIP file containing attacker-controlled form definitions. If the administrator selects and uploads this file, it installs legitimate-looking forms on the MuraCMS site designed to collect sensitive user information, potentially leading to data theft. Exploitation requires user interaction (UI:R) and has a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H), indicating high confidentiality, integrity, and availability impacts.
Mitigation details are provided in the MuraCMS v10 release notes for version 10.1.4 at https://docs.murasoftware.com/v10/release-notes/#section-version-1014, as referenced in the advisory. Additional information is available on the Mura Software website at https://www.murasoftware.com.
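The gap described above and the SC-23 control, as an added illustration that is not Mura CMS code: a form-import handler that checks only the session cookie (the pattern the advisory describes, which a cross-site POST satisfies because the browser attaches the cookie automatically) beside one that also validates a per-session synchronizer token with a constant-time comparison and checks the request Origin. The session store, site origin and filenames are constructed placeholders.

```python
import hmac
import secrets
from typing import Optional

# In-memory session store standing in for the CMS session (constructed for this example).
SESSIONS: dict = {}
SITE_ORIGIN = "https://cms.example"  # placeholder for the site's own origin


def new_admin_session() -> str:
    """Create an authenticated admin session and issue it a CSRF token."""
    sid = secrets.token_hex(16)
    SESSIONS[sid] = {"admin": True, "csrf_token": secrets.token_urlsafe(32)}
    return sid


def csrf_token_for(sid: str) -> str:
    """The token the server embeds in the legitimate import form page;
    a third-party page cannot read it, so it cannot forge a valid submission."""
    return SESSIONS[sid]["csrf_token"]


def import_form_vulnerable(cookie_sid: str, upload: dict) -> str:
    """Models the flaw: the only check is the session cookie, which a forged
    cross-site POST carries just as well as a legitimate one."""
    session = SESSIONS.get(cookie_sid)
    if not session or not session["admin"]:
        return "denied: not an admin"
    return f"installed: {upload['filename']}"


def import_form_fixed(cookie_sid: str, upload: dict, form_token: Optional[str],
                      origin: Optional[str]) -> str:
    """Hardened handler: same session check, plus an Origin check (defence in
    depth) and the synchronizer token as the primary CSRF control."""
    session = SESSIONS.get(cookie_sid)
    if not session or not session["admin"]:
        return "denied: not an admin"
    # A form submitted from another site carries that site's Origin header.
    if origin != SITE_ORIGIN:
        return "denied: bad origin"
    # Constant-time comparison so the check does not leak the token via timing.
    if not form_token or not hmac.compare_digest(form_token, session["csrf_token"]):
        return "denied: missing or invalid CSRF token"
    return f"installed: {upload['filename']}"
```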
Details
- CWE(s)