What is the CVSS score of CVE-2025-2193?

CVE-2025-2193 has a CVSS 3.1 base score of 5.4 (Medium). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L. EPSS exploitation probability: 0.4%.

Which versions of MRCMS are affected by CVE-2025-2193?

Organizations using A vulnerability should be aware of moderate risk from CVE-2025-2193, a path traversal vulnerability rated CVSS 5.4. This could allow unauthorized file access.

Is there a public PoC exploit available for CVE-2025-2193?

Yes, a public proof-of-concept exploit is available for CVE-2025-2193. Prioritise patching immediately. EPSS: 0.4%.

How to fix or mitigate CVE-2025-2193?

Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. Review file handling controls.

MRCMS CVE-2025-2193

MEDIUM

Path Traversal (CWE-22)

2025-03-11 cna@vuldb.com

Path Traversal

5.4

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

5.4 MEDIUM

AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

Low

Availability

Low

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 19:52 vuln.today

PoC Detected

Apr 09, 2025 - 20:48 vuln.today

Public exploit code

CVE Published

Mar 11, 2025 - 13:15 nvd

MEDIUM 5.4

DescriptionCVE.org

A vulnerability has been found in MRCMS 3.1.2 and classified as critical. This vulnerability affects the function delete of the file /admin/file/delete.do of the component org.marker.mushroom.controller.FileController. The manipulation of the argument path/name leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

AnalysisAI

Technical ContextAI

Classified as CWE-22 (Path Traversal). A vulnerability has been found in MRCMS 3.1.2 and classified as critical. This vulnerability affects the function delete of the file /admin/file/delete.do of the component org.marker.mushroom.controller.FileController. The manipulation of the argument path/name leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Affected ProductsAI

MRCMS 3.1.2 and classified as critical

RemediationAI

Monitor vendor advisories for a patch. Validate and sanitize file path inputs. Use allowlists. Restrict network access to the affected service where possible.

CVE-2025-2193 vulnerability details – vuln.today

Back