PT-2025-7571 · Mrcms · Mrcms

Published

2025-02-21

Updated

2025-02-21

CVE-2025-25765

CVSS v3.1

4.0

Medium

Vector

AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions MRCMS version 3.1.2

Description The issue is related to an arbitrary file write vulnerability. This vulnerability can be exploited via the /file/save.do API endpoint.

Recommendations For MRCMS version 3.1.2, consider restricting access to the /file/save.do API endpoint until a patch is available. As a temporary workaround, avoid using the /file/save.do endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2025-25765

Affected Products

Mrcms

PT-2025-7571 · Mrcms · Mrcms

CVE-2025-25765

Related Identifiers

Affected Products

References · 5