A vulnerability classified as critical has been found in Metasoft 美特软件 MetaCRM up to 6.4.2. This affects an unknown part of the file /debug.jsp. The manipulation leads to improper authentication. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
History

Wed, 27 Aug 2025 17:45:00 +0000

Type Values Removed Values Added
First Time appeared Metasoft
Metasoft metacrm
CPEs cpe:2.3:a:metasoft:metacrm:*:*:*:*:*:*:*:*
Vendors & Products Metasoft
Metasoft metacrm

Mon, 21 Jul 2025 18:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Sun, 20 Jul 2025 07:30:00 +0000

Type Values Removed Values Added
Description A vulnerability classified as critical has been found in Metasoft 美特软件 MetaCRM up to 6.4.2. This affects an unknown part of the file /debug.jsp. The manipulation leads to improper authentication. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Title Metasoft 美特软件 MetaCRM debug.jsp improper authentication
Weaknesses CWE-287
References
Metrics cvssV2_0

{'score': 7.5, 'vector': 'AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 7.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}


cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2025-07-21T17:03:03.085Z

Reserved: 2025-07-19T07:15:33.752Z

Link: CVE-2025-7875

cve-icon Vulnrichment

Updated: 2025-07-21T17:02:51.138Z

cve-icon NVD

Status : Analyzed

Published: 2025-07-20T08:15:23.050

Modified: 2025-08-27T17:32:02.953

Link: CVE-2025-7875

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.