CVE-2025-59116 MEDIUM

CVE-2025-59116: User enumeration in Windu CMS

Vendor Jcd
Product Windu CMS
Weakness CWE-204
Published November 18, 2025
Last update December 5, 2025

CVSS base score

6.9/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

Windu CMS is vulnerable to User Enumeration. This issue occurs during logon, where a difference in messages could allow an attacker to determine if the login is valid or not, enabling a brute force attack with valid logins. Only version 4.1 was tested and confirmed as vulnerable. This issue was fixed in version 4.1 build 2250.

Key dates

02Disclosure timeline

November 18, 2025 CVE published
December 5, 2025 Record updated