Cross-Site Scripting Vulnerability in MRCMS by MRCMS
CVE-2025-4324

4.8MEDIUM

Key Information:

Vendor

MRCMS

Status
Mrcms
Vendor
CVE Published:
6 May 2025

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2025-4324?

A cross-site scripting vulnerability has been identified in the External Link Management Page component of MRCMS version 3.1.2. This security flaw occurs in the '/admin/link/edit.do' file, allowing attackers to execute arbitrary scripts in the context of the user's browser. This can potentially lead to unauthorized actions or the theft of sensitive information. As this vulnerability can be exploited remotely, it is crucial for users to update their MRCMS installations to minimize security risks.

Affected Version(s)

MRCMS 3.1.2

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2025-4324 - Proof of Concept

References

https://vuldb.com/?id.307425
vdb-entry
https://vuldb.com/?ctiid.307425
signaturepermissions-required
https://vuldb.com/?submit.563543
third-party-advisory

CVSS V4

Score:
4.8
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

baihekuz (VulDB User)
.