Improper Authentication Vulnerability in Metasoft MetaCRM
CVE-2025-7875

6.9MEDIUM

Key Information:

Vendor

Metasoft 美特软件

Status
Metacrm
Vendor
CVE Published:
20 July 2025

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2025-7875?

A vulnerability in Metasoft's MetaCRM software up to version 6.4.2 allows for improper authentication, potentially letting attackers access sensitive functionalities remotely. The issue arises from an insecure implementation found within the '/debug.jsp' file. This vulnerability has been publicly disclosed, raising concerns over its possible exploitation in real-world scenarios. Despite earlier notification, the vendor has not provided a response, highlighting the urgency for users to assess their security posture and patch their systems accordingly.

Affected Version(s)

MetaCRM 6.4.0

MetaCRM 6.4.1

MetaCRM 6.4.2

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2025-7875 - Proof of Concept

References

https://vuldb.com/?id.316989
vdb-entry
https://vuldb.com/?ctiid.316989
signaturepermissions-required
https://github.com/FightingLzn9/vul/blob/main/MetaCRM6-SI...
exploit

CVSS V4

Score:
6.9
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2025-7875 : Improper Authentication Vulnerability in Metasoft MetaCRM