Logic Flaw in MeterSphere Continuous Testing Platform by MeterSphere
CVE-2025-62604

5.3 MEDIUM

Key Information:

Vendor
CVE Published: 22 October 2025

What is CVE-2025-62604?

MeterSphere, an open-source continuous testing platform, is affected by a logic flaw that allows an unauthenticated attacker to gain unauthorized access to arbitrary user information. The flaw can also let attackers log in to the system as any user without proper authentication. The issue is fixed in version 2.10.25-lts, and users should update to this version.

Affected Version(s)

metersphere < 2.10.25-lts

CVSS V4

Score: 5.3
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Attack Required: Physical
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved
