CVE-2025-25767

Medium CVSS: 4.8

A vertical privilege escalation vulnerability in the component /controller/UserController.java of MRCMS v3.1.2 allows attackers to arbitrarily delete users via a crafted request.

Vendor

Mrcms

Product

Mrcms

CWE

CWE-266

Yayın Tarihi

2025-02-21 19:15:14

Güncelleme

2025-04-22 12:58:05

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-266 Mrcms MEDIUM Mrcms 2025

Referanslar

https://flowus.cn/share/a6170a19-032b-462d-8bf9-06ab139f78ba

Benzer Kayıtlar

Medium

CVE-2026-29909

MRCMS V3.1.2 contains an unauthenticated directory enumeration vulnerability in the file management module. The /admin/f…

Medium

CVE-2025-50581

MRCMS v3.1.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /admin/group/save.do…

Medium

CVE-2025-4327

A vulnerability was found in MRCMS 3.1.2. It has been classified as problematic. Affected is an unknown function. The ma…

Medium

CVE-2025-4326

A vulnerability was found in MRCMS 3.1.2 and classified as problematic. This issue affects some unknown processing of th…

Medium

CVE-2025-4325

A vulnerability has been found in MRCMS 3.1.2 and classified as problematic. This vulnerability affects unknown code of…

Medium

CVE-2025-4324

A vulnerability, which was classified as problematic, was found in MRCMS 3.1.2. This affects an unknown part of the file…