Improper Authentication Vulnerability in Metasoft MetaCRM
CVE-2025-7875

6.9MEDIUM

Key Information:

Vendor

Metasoft 美特软件

Status
Metacrm
Vendor
CVE Published:
20 July 2025

Badges

👾 Exploit Exists

What is CVE-2025-7875?

A vulnerability in Metasoft's MetaCRM software up to version 6.4.2 allows for improper authentication, potentially letting attackers access sensitive functionalities remotely. The issue arises from an insecure implementation found within the '/debug.jsp' file. This vulnerability has been publicly disclosed, raising concerns over its possible exploitation in real-world scenarios. Despite earlier notification, the vendor has not provided a response, highlighting the urgency for users to assess their security posture and patch their systems accordingly.

Affected Version(s)

MetaCRM 6.4.0

MetaCRM 6.4.1

MetaCRM 6.4.2

References

https://vuldb.com/?id.316989
vdb-entry
https://vuldb.com/?ctiid.316989
signaturepermissions-required
https://github.com/FightingLzn9/vul/blob/main/MetaCRM6-SI...
exploit

CVSS V4

Score:
6.9
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

.