CVE-2025-25768
MEDIUM
MRCMS v3.1.2 - Server-Side Template Injection in DispatcherServlet
Title source: llmDescription
MRCMS v3.1.2 was discovered to contain a server-side template injection (SSTI) vulnerability in the component \servlet\DispatcherServlet.java. This vulnerability allows attackers to execute arbitrary code via a crafted payload.
References (1)
Core References
Exploit, Third Party Advisory
https://flowus.cn/share/8838861d-0b32-4314-a13d-edb22b72cebc
Scores
CVSS v3
5.4
EPSS
0.0033
EPSS Percentile
24.2%
Attack Vector
ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
total
Details
CWE
CWE-77
Status
published
Products (1)
mrcms/mrcms
3.1.2
Published
Feb 21, 2025
Tracked Since
Feb 18, 2026