CVE-2025-2193

Name of the Vulnerable Software and Affected Versions: MRCMS version 3.1.2

Description: A critical issue has been discovered that affects the delete function of the /admin/file/delete.do endpoint, specifically within the org.marker.mushroom.controller.FileController component. The manipulation of the path/name argument leads to path traversal. This issue can be exploited remotely.

Recommendations: For MRCMS version 3.1.2, consider restricting access to the /admin/file/delete.do endpoint until a patch is available. As a temporary workaround, avoid using the path/name argument in the affected endpoint to minimize the risk of exploitation.