CVE-2025-2193

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://github.com/IceFoxH/VULN/issues/1", "name": "https://github.com/IceFoxH/VULN/issues/1", "tags": ["Exploit", "Third Party Advisory", "Issue Tracking"], "refsource": ""}, {"url": "https://github.com/IceFoxH/VULN/issues/1", "name": "https://github.com/IceFoxH/VULN/issues/1", "tags": ["Exploit", "Third Party Advisory", "Issue Tracking"], "refsource": ""}, {"url": "https://vuldb.com/?ctiid.299218", "name": "VDB-299218 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["Permissions Required", "VDB Entry"], "refsource": ""}, {"url": "https://vuldb.com/?id.299218", "name": "VDB-299218 | MRCMS org.marker.mushroom.controller.FileController delete.do delete path traversal", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": ""}, {"url": "https://vuldb.com/?submit.511724", "name": "Submit #511724 | mrcms v3.1.2 vertical privilege escalation vulnerability", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": ""}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "A vulnerability has been found in MRCMS 3.1.2 and classified as critical. This vulnerability affects the function delete of the file /admin/file/delete.do of the component org.marker.mushroom.controller.FileController. The manipulation of the argument path/name leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-22"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2025-2193", "ASSIGNER": "cna@vuldb.com"}}, "impact": {"baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 5.2, "exploitabilityScore": 2.8}}, "publishedDate": "2025-03-11T13:15Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:mrcms:mrcms:3.1.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2025-04-09T20:48Z"}