Vertical Privilege Escalation in MRCMS by MRCMS Inc.
CVE-2025-25767

4.8MEDIUM

Key Information:

Vendor: MRCMS Inc.
Status: MRCMS
Vendor: CVE Published:; 21 February 2025

What is CVE-2025-25767?

A vulnerability in MRCMS version 3.1.2 allows attackers to exploit a weakness in the UserController component. Through maliciously crafted requests, unauthorized users can gain elevated privileges, resulting in the arbitrary deletion of user accounts. This poses a significant risk to system integrity and user data, necessitating prompt attention and remediation measures from affected users.

References

https://flowus.cn/share/a6170a19-032b-462d-8bf9-06ab139f78ba

CVSS V3.1

Score:

4.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 21, 2025
Vulnerability Reserved
Feb 7, 2025