{"id":"CVE-2025-59116","details":"Windu CMS is vulnerable to User Enumeration. This issue occurs during logon, where a difference in messages could allow an attacker to determine if the login is valid or not, enabling a brute force attack with valid logins.\n\nOnly version 4.1 was tested and confirmed as vulnerable.\nThis issue was fixed in version 4.1 build 2250.","modified":"2026-03-13T03:35:26.361444Z","published":"2025-11-18T15:16:34.127Z","references":[{"type":"WEB","url":"https://windu.org"},{"type":"ADVISORY","url":"https://cert.pl/posts/2025/11/CVE-2025-59110"}],"affected":[{"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"4.1"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-59116.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}]}