Server-Side Template Injection in MRCMS by MRCMS Team
CVE-2025-25768
5.4MEDIUM
What is CVE-2025-25768?
A server-side template injection (SSTI) vulnerability has been identified in MRCMS version 3.1.2, specifically located in the component responsible for handling servlet requests. This flaw enables malicious actors to craft specially designed payloads that can lead to the execution of arbitrary code on the server, potentially compromising the integrity and confidentiality of the affected system.