Arbitrary File Write Vulnerability in MRCMS by MRCMS Team
CVE-2025-25765

4MEDIUM

Key Information:

Vendor: MRCMS Team
Status: MRCMS
Vendor: CVE Published:; 21 February 2025

What is CVE-2025-25765?

An arbitrary file write vulnerability exists in MRCMS v3.1.2 that could allow an attacker to save files to any location on the server through the /file/save.do component. This flaw could be exploited to manipulate files on the server, potentially leading to unauthorized access, data breach, or further exploitation of the server environment.

References

https://flowus.cn/share/be03dd2c-b760-457a-a919-e388d7566ff2

CVSS V3.1

Score:

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 21, 2025
Vulnerability Reserved
Feb 7, 2025