CVE-2025-53639

Name of the Vulnerable Software and Affected Versions: MeterSphere versions prior to 3.6.5-lts

Description: MeterSphere, a continuous testing platform, contains a flaw due to improper validation or sanitization of the sortField parameter in specific API endpoints. This allows attackers to inject and execute arbitrary SQL statements through the sorting functionality, potentially leading to modification or deletion of database contents and a full compromise of the application’s database integrity and availability.

Recommendations: Update to version 3.6.5-lts or later.