Unrated severityNVD Advisory· Published Nov 18, 2025· Updated Dec 5, 2025
User enumeration in Windu CMS
CVE-2025-59116
Description
Windu CMS is vulnerable to User Enumeration. This issue occurs during logon, where a difference in messages could allow an attacker to determine if the login is valid or not, enabling a brute force attack with valid logins.
Only version 4.1 was tested and confirmed as vulnerable. This issue was fixed in version 4.1 build 2250.
Affected products
1- JCD/Windu CMSv5Range: 0
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2- cert.pl/posts/2025/11/CVE-2025-59110mitrethird-party-advisory
- windu.orgmitreproduct
News mentions
0No linked articles in our index yet.