Description
MuraCMS through 10.1.10 contains a CSRF vulnerability in the Add To Group functionality for user management (cUsers.cfc addToGroup method) that allows attackers to escalate privileges by adding any user to any group without proper authorization checks. The vulnerable function lacks CSRF token validation and directly processes user-supplied userId and groupId parameters via getUserManager().createUserInGorup(), enabling malicious websites to forge requests that automatically execute when an authenticated administrator visits a crafted page. Adding a user to the Super Admins group (s2 user) is not possible. Successful exploitation results in the attacker gaining privilege escalation both horizontally to other groups and vertically to the admin group. Escalation to the s2 User group is not possible.
Published: 2026-03-18
Score: 8 High
EPSS: < 1% Very Low
KEV: No
Impact: Privilege Escalation via CSRF
Action: Immediate Patch
AI Analysis

Impact

The flaw resides in the Add To Group function of MuraCMS, where the addToGroup method accepts userId and groupId parameters without validating a CSRF token. This omission lets a malicious actor craft a request that, when an authenticated administrator visits a specially designed webpage, automatically adds a target user to a chosen group, elevating the attacker’s privileges. The vulnerability can raise the attacker from a regular user to another group, and further allow vertical escalation into the Admin group, though it cannot add users to the Super Admins group. The impact is a compromise of integrity and authorization controls, allowing attackers to impersonate users and gain administrative access.

Affected Systems

MuraCMS (murasoftware) versions up to and including 10.1.10 are affected. No other version or patch status is mentioned. Administrators running these versions should seek a patch or upgrade.

Risk and Exploitability

The CVSS score of 8 indicates high severity, but the EPSS score of less than 1% and absence from the KEV catalog suggest that the probability of exploitation remains low at present. The attack also requires an authenticated administrator to be tricked into loading a crafted page, making the threat primarily a cross-site request forgery scenario. The lack of CSRF checks means automated or remote exploitation is possible if an attacker can compromise a privileged user’s session or persuade them to visit a malicious site. While the exploit path is straightforward, success depends on user behavior and the presence of an active session. The overall risk is considered high for systems that have not applied the vendor patch.

Generated by OpenCVE AI on March 20, 2026 at 19:27 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest MuraCMS patch (10.1.11 or newer) to eliminate the vulnerable Add To Group endpoint.
  • Verify that all administrator accounts are using a version that includes the CSRF token validation fix.
  • Restrict administrator access to secure, trusted networks and monitor for suspicious login activity.
  • If an immediate patch is unavailable, limit the use of the Add To Group feature and consider disabling the endpoint until a fix is applied.


Advisories

No advisories yet.

History

Tue, 24 Mar 2026 13:30:00 +0000

  • Title (values added): CSRF Privilege Escalation via Add To Group in MuraCMS

Fri, 20 Mar 2026 18:15:00 +0000

  • CPEs (values added): cpe:2.3:a:murasoftware:mura_cms:-:*:*:*:*:*:*:*

Thu, 19 Mar 2026 14:15:00 +0000

  • Weaknesses (values added): CWE-352
  • Metrics (values added):
    cvssV3_1: {'score': 8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H'}
    ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Thu, 19 Mar 2026 09:45:00 +0000

  • First Time appeared (values added): Murasoftware; Murasoftware mura Cms
  • Vendors & Products (values added): Murasoftware; Murasoftware mura Cms

Wed, 18 Mar 2026 16:15:00 +0000

  • Description (values added): MuraCMS through 10.1.10 contains a CSRF vulnerability in the Add To Group functionality for user management (cUsers.cfc addToGroup method) that allows attackers to escalate privileges by adding any user to any group without proper authorization checks. The vulnerable function lacks CSRF token validation and directly processes user-supplied userId and groupId parameters via getUserManager().createUserInGorup(), enabling malicious websites to forge requests that automatically execute when an authenticated administrator visits a crafted page. Adding a user to the Super Admins group (s2 user) is not possible. Successful exploitation results in the attacker gaining privilege escalation both horizontally to other groups and vertically to the admin group. Escalation to the s2 User group is not possible.
MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-03-19T13:42:30.193Z

Reserved: 2025-08-06T00:00:00.000Z

Link: CVE-2025-55041

Vulnrichment

Updated: 2026-03-19T13:42:24.149Z

NVD

Status: Analyzed

Published: 2026-03-18T16:16:23.303

Modified: 2026-03-20T18:12:41.553

Link: CVE-2025-55041

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-24T10:54:12Z