CVE-2025-55044
Published: 18 March 2026
Summary
CVE-2025-55044 is a high-severity CSRF (CWE-352) vulnerability in Murasoftware Mura Cms. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 5.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SC-23 (Session Authenticity) and SI-2 (Flaw Remediation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
SC-23 mandates mechanisms such as CSRF tokens to protect session authenticity; token validation on the cTrash.restore function, which currently has none, would directly reject the forged requests this flaw allows.
SI-2 requires timely identification, reporting, and correction of flaws such as the missing CSRF validation in cTrash.restore, enabling patching to versions beyond 10.1.10.
SI-10 requires validation of inputs such as the parentid parameter in trash restore requests, so that even a forged request cannot name an unauthorized restore location.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
CSRF in a public-facing CMS directly enables exploitation of the web application to perform unauthorized actions (content restoration and manipulation) via forged requests that abuse an administrator's authenticated session.
NVD Description
The Trash Restore CSRF vulnerability in MuraCMS through 10.1.10 allows attackers to restore deleted content from the trash to unauthorized locations through CSRF. The vulnerable cTrash.restore function lacks CSRF token validation, enabling malicious websites to forge requests that restore content to arbitrary parent locations when an authenticated administrator visits a crafted webpage. Successful exploitation of the Trash Restore CSRF vulnerability results in unauthorized restoration of deleted content to potentially inappropriate or malicious locations within the MuraCMS website structure. When an authenticated administrator visits a malicious webpage containing the CSRF exploit, their browser automatically submits a hidden form that restores specified content from the trash to a location determined by the attacker through the parentid parameter. This can lead to restoration of previously deleted malicious content, placement of sensitive documents in public areas, manipulation of website navigation structure, or restoration of outdated content that was intentionally removed for security or compliance reasons.
Deeper analysis
CVE-2025-55044 is a Cross-Site Request Forgery (CSRF) vulnerability in the Trash Restore functionality of MuraCMS through version 10.1.10. The issue resides in the cTrash.restore function, which lacks proper CSRF token validation, allowing attackers to forge requests that restore deleted content from the trash to unauthorized parent locations specified via the parentid parameter. This flaw, associated with CWE-352, has a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H), indicating high severity due to its potential for significant confidentiality, integrity, and availability impacts.
The vulnerability can be exploited by unauthenticated attackers (PR:N) who craft a malicious webpage containing a hidden form that submits a CSRF request. Exploitation requires an authenticated administrator (UI:R) to visit the attacker's webpage, at which point their browser automatically restores specified trash content to arbitrary locations chosen by the attacker. Successful attacks enable restoration of previously deleted malicious content, relocation of sensitive documents to public areas, manipulation of the website's navigation structure, or revival of outdated content removed for security or compliance reasons.
Mitigation details are provided in the MuraCMS v10 release notes, accessible at https://docs.murasoftware.com/v10/release-notes/ and specifically the version 10.1.4 section at https://docs.murasoftware.com/v10/release-notes/#section-version-1014, along with the official site at https://www.murasoftware.com. Security practitioners should review these advisories for patching instructions and upgrade to a fixed version beyond 10.1.10.
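The two controls named above (SC-23 session authenticity via a CSRF token, SI-10 validation of the parentid parameter) and the flaw class described in the deeper analysis can be shown side by side in a small request handler. The following is an added example written for this page; it is not Mura CMS code and does not model Mura's real cTrash.restore, request object or permission system. Only the parameter name parentid and the behaviour (a restore request from an authenticated session is honoured without a token) come from the advisory; the class and function names, the contentid and csrf_token field names, the allowed_parents permission set and the sample content tree are constructed assumptions.

```python
import hmac
import secrets
from dataclasses import dataclass


@dataclass
class Request:
    """One POST as the server sees it (hypothetical shape, not Mura's request object)."""
    session_id: str   # the authenticated admin session the browser attached cookies for
    form: dict        # submitted form fields, e.g. {"contentid": ..., "parentid": ...}


class TrashStore:
    """Toy content tree (constructed sample data): node id -> parent id.
    Nodes whose parent is "trash" are deleted items awaiting restore."""

    def __init__(self):
        self.parent_of = {
            "home": None,
            "public-docs": "home",
            "hr-internal": "home",
            "old-policy.pdf": "trash",   # a deleted document
        }
        self.csrf_tokens = {}  # session_id -> token issued with the admin's restore page

    def issue_token(self, session_id):
        """Synchronizer token: unpredictable, bound to the session, embedded in the
        legitimate restore form so a third-party page cannot know it."""
        token = secrets.token_urlsafe(32)
        self.csrf_tokens[session_id] = token
        return token

    def restore(self, content_id, parentid):
        self.parent_of[content_id] = parentid


def restore_trash_vulnerable(store, req):
    """Flaw class from the advisory: any request carrying an authenticated session
    is honoured, so a hidden form on another site can choose parentid."""
    content_id = req.form.get("contentid")
    parentid = req.form.get("parentid")
    if store.parent_of.get(content_id) != "trash":
        return False, "content is not in the trash"
    store.restore(content_id, parentid)
    return True, "restored"


def restore_trash_hardened(store, req, allowed_parents):
    """SC-23: reject requests whose CSRF token is missing or is not this session's own.
    SI-10: reject a parentid that is not an existing node this session may restore into.
    allowed_parents is an assumed per-session permission set (not Mura's model)."""
    expected = store.csrf_tokens.get(req.session_id)
    supplied = req.form.get("csrf_token", "")
    # constant-time comparison on bytes; expected may be None if no form was issued
    if not expected or not hmac.compare_digest(expected.encode(), str(supplied).encode()):
        return False, "csrf token missing or invalid"
    content_id = req.form.get("contentid")
    parentid = req.form.get("parentid")
    if store.parent_of.get(content_id) != "trash":
        return False, "content is not in the trash"
    if parentid not in store.parent_of or parentid not in allowed_parents:
        return False, "parentid is not an allowed restore target"
    store.restore(content_id, parentid)
    store.csrf_tokens.pop(req.session_id, None)  # single-use token: a replay fails
    return True, "restored"


if __name__ == "__main__":
    # A request that matches what a hidden form on a third-party page would submit:
    # the admin's session cookie rides along, but no token is present.
    forged = Request("admin-sess", {"contentid": "old-policy.pdf", "parentid": "public-docs"})
    print("vulnerable:", restore_trash_vulnerable(TrashStore(), forged))

    store = TrashStore()
    print("hardened, no token:", restore_trash_hardened(store, forged, {"hr-internal"}))
    token = store.issue_token("admin-sess")   # rendered into the admin's own restore form
    legit = Request("admin-sess", {"contentid": "old-policy.pdf",
                                   "parentid": "hr-internal", "csrf_token": token})
    print("hardened, legitimate:", restore_trash_hardened(store, legit, {"hr-internal"}))
```

The token check comes before any other processing so that a forged request is refused before the handler touches the content tree, and the parentid check is a separate allow-list decision so that a stolen or leaked token still cannot relocate content outside what the session is permitted to restore into.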
Details
- CWE(s)