Server-Side Template Injection in MRCMS by MRCMS Team
CVE-2025-25768
5.4 MEDIUM
What is CVE-2025-25768?
A server-side template injection (SSTI) vulnerability has been identified in MRCMS version 3.1.2, specifically located in the component responsible for handling servlet requests. This flaw enables malicious actors to craft specially designed payloads that can lead to the execution of arbitrary code on the server, potentially compromising the integrity and confidentiality of the affected system.
CVSS V3.1
Score: 5.4
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Adjacent Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved