CVE-2025-2193: MRCMS org.marker.mushroom.controller.FileController delete.do delete path traversal
First published: Tue Mar 11 2025(Updated: )
A vulnerability has been found in MRCMS 3.1.2 and classified as critical. This vulnerability affects the function delete of the file /admin/file/delete.do of the component org.marker.mushroom.controller.FileController. The manipulation of the argument path/name leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Credit: cna@vuldb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mrcms |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2025-2193?
CVE-2025-2193 is classified as a critical vulnerability.
What component is affected by CVE-2025-2193?
CVE-2025-2193 affects the function delete of the file /admin/file/delete.do within the org.marker.mushroom.controller.FileController component.
How does CVE-2025-2193 exploit path traversal?
CVE-2025-2193 exploits path traversal vulnerability via manipulation of the argument path/name.
Which version of MRCMS is impacted by CVE-2025-2193?
CVE-2025-2193 impacts MRCMS version 3.1.2.
How do I mitigate CVE-2025-2193?
To mitigate CVE-2025-2193, it is recommended to update to the latest version of MRCMS and implement proper input validation.
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/title
- agent/weakness
- agent/type
- agent/first-publish-date
- agent/description
- agent/guess-ai
- agent/software-canonical-lookup
- agent/softwarecombine
- collector/nvd-api
- source/NVD
- agent/last-modified-date
- agent/source
- agent/author
- agent/severity
- agent/tags
- agent/event
- vendor/mrcms
- canonical/mrcms