CVE-2025-4292

Name of the Vulnerable Software and Affected Versions MRCMS version 3.1.3 ASUS router (affected versions not specified)

Description A vulnerability has been found that allows for cross-site scripting through the manipulation of the Username argument in the file /admin/user/edit.do of the Edit User Page component. The attack can be launched remotely. Additionally, a flaw in ASUS routers, when AiCloud is enabled, can allow hackers to access the network from a distance, potentially leading to spying or network disruption.

Recommendations For MRCMS version 3.1.3, consider disabling the Edit User Page component or restricting access to the /admin/user/edit.do file until a patch is available. For ASUS routers, disable AiCloud to minimize the risk of exploitation. Avoid using the Username argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.