CVE-2025-25767 Information

Description

A vertical privilege escalation vulnerability in the component /controller/UserController.java of MRCMS v3.1.2 allows attackers to arbitrarily delete users via a crafted request.

Reference

https://flowus.cn/share/a6170a19-032b-462d-8bf9-06ab139f78ba