exploitDog

CVE-2025-62604

Опубликовано: 22 окт. 2025

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

MeterSphere is an open source continuous testing platform. Prior to version 2.10.25-lts, a logic flaw allows retrieval of arbitrary user information. This allows an unauthenticated attacker to log in to the system as any user. This issue has been patched in version 2.10.25-lts.

Ссылки

https://github.com/metersphere/metersphere/commit/b984fe74e84711ff326b0a348807c31fadf134af
Patch
https://github.com/metersphere/metersphere/releases/tag/v2.10.25-lts
Release Notes
https://github.com/metersphere/metersphere/security/advisories/GHSA-vj5x-7374-rf96
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:metersphere:metersphere:*:*:*:*:lts:*:*:*

Версия до 2.10.25 (исключая)

EPSS

Процентиль: 14%

0.00045

Низкий

7.5 High

CVSS3

Дефекты

CWE-200

NVD-CWE-noinfo

EPSS

Процентиль: 14%

0.00045

Низкий

7.5 High

CVSS3

Дефекты

CWE-200

NVD-CWE-noinfo