CVE-2025-67830
published 2026-03-18CVE-2025-67830: Mura before 10.1.14 allows beanFeed.cfc getQuery sortby SQL injection.
PriorityP356critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
0.32%
23.8th percentile
Mura before 10.1.14 allows beanFeed.cfc getQuery sortby SQL injection.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| murasoftware | mura_cms | < 10.1.4 | 10.1.4 |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
Wiz
CVE-2025-67830 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 9.8
CVE-2025-67830 [CRITICAL] CVE-2025-67830 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-67830 :
Mura CMS vulnerability analysis and mitigation
Mura before 10.1.14 allows beanFeed.cfc getQuery sortby SQL injection.
Source : NVD
## 9.8
Score
Published March 18, 2026
Severity CRITICAL
CNA Score 9.8
Affected Technologies
Mura CMS
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 12.2
Exploitation Probability (EPSS) N/A
Affected packages and libraries
cpe:2.3:a:murasoftware:mura_cms
Sources
Linux Severity CRITICAL Has Fix Added at: Mar 21, 2026
Windows Severity CRITICAL Has Fix Added at: Mar 21, 2026
Linux Severity CRITICAL Has Fix Added at: Mar 22, 2026
Windows Severity CRITICAL Has Fix Added at: Mar 22, 2026
## Get a CVE risk assessment
Get a prioritize
Wiz
CVE-2025-67829 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 9.8
CVE-2025-67829 [CRITICAL] CVE-2025-67829 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-67829 :
Mura CMS vulnerability analysis and mitigation
Mura before 10.1.14 allows beanFeed.cfc getQuery sortDirection SQL injection.
Source : NVD
## 9.8
Score
Published March 18, 2026
Severity CRITICAL
CNA Score 9.8
Affected Technologies
Mura CMS
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 12.2
Exploitation Probability (EPSS) N/A
Affected packages and libraries
cpe:2.3:a:murasoftware:mura_cms
Sources
Linux Severity CRITICAL Has Fix Added at: Mar 20, 2026
Windows Severity CRITICAL Has Fix Added at: Mar 20, 2026
Linux Severity CRITICAL Has Fix Added at: Mar 22, 2026
Windows Severity CRITICAL Has Fix Added at: Mar 22, 2026
## Get a CVE risk assessment
Get a pri
2026-03-18
Published