Security ID : QSA-25-53
Vulnerability in MARS (Multi-Application Recovery Service)
Release date : January 3, 2026
CVE identifier : CVE-2025-59387
Affected products: MARS (Multi-Application Recovery Service) 1.2.x
Severity
Important
Status
Resolved
Summary
An SQL injection vulnerability has been reported to affect MARS (Multi-Application Recovery Service). If exploited, a remote attacker can execute unauthorized code or commands.
We have already fixed the vulnerability in the following version:
| Affected Product | Fixed Version |
| MARS (Multi-Application Recovery Service) 1.2.x | MARS (Multi-Application Recovery Service) 1.2.1.1686 and later |
Note: Starting from version 1.3.x, the application has been renamed to HDP for Wordpress (MARS).
Recommendation
To fix the vulnerability, we recommend updating MARS (Multi-Application Recovery Service) to the latest version.
Updating MARS (Multi-Application Recovery Service)
- Log on to QTS or QuTS hero as an administrator.
- Open App Center and then click
.
A search box appears. - Type "MARS" and then press ENTER.
The application appears in the search results. - Click Update.
A confirmation message appears.
Note: The Update button is not available if your application is already up to date. - Click OK.
The system updates the application.
Attachment
Acknowledgements: q5ca, greengrass
Revision History:
V1.0 (January 3, 2026) - Published
