Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-25767

A vertical privilege escalation vulnerability in the component /controller/UserController.java of MRCMS v3.1.2 allows attackers to arbitrarily delete users via a crafted request.

Published

2025-02-21T19:15:14.253

Last Modified

2025-04-22T12:58:05.743

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 4.8 (MEDIUM)

Weaknesses

Type: Secondary
CWE-266

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	mrcms	mrcms	3.1.2	Yes

References

https://flowus.cn/share/a6170a19-032b-462d-8bf9-06ab139f78ba Exploit, Third Party Advisory ([email protected])