A vulnerability was found in MRCMS 3.1.2. It has been classified as problematic. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Multiple endpoints might be affected.
History

Thu, 12 Jun 2025 17:45:00 +0000

Type Values Removed Values Added
First Time appeared Mrcms
Mrcms mrcms
CPEs cpe:2.3:a:mrcms:mrcms:3.1.2:*:*:*:*:*:*:*
Vendors & Products Mrcms
Mrcms mrcms

Tue, 06 May 2025 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 06 May 2025 06:45:00 +0000

Type Values Removed Values Added
Description A vulnerability was found in MRCMS 3.1.2. It has been classified as problematic. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Multiple endpoints might be affected.
Title MRCMS cross-site request forgery
Weaknesses CWE-352
CWE-862
References
Metrics cvssV2_0

{'score': 5, 'vector': 'AV:N/AC:L/Au:N/C:N/I:P/A:N'}

cvssV3_0

{'score': 4.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N'}

cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N'}

cvssV4_0

{'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2025-05-06T06:31:03.485Z

Updated: 2025-05-06T14:15:12.444Z

Reserved: 2025-05-05T14:55:00.435Z

Link: CVE-2025-4327

cve-icon Vulnrichment

Updated: 2025-05-06T14:15:01.946Z

cve-icon NVD

Status : Analyzed

Published: 2025-05-06T07:15:48.607

Modified: 2025-06-12T17:29:58.950

Link: CVE-2025-4327

cve-icon Redhat

No data.