CVE-2025-7877

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Metasoft MetaCRM versions up to 6.4.2

Description A critical vulnerability exists in Metasoft MetaCRM. The issue involves unrestricted file upload due to manipulation of the File argument within the processing of the sendfile.jsp file. This allows for remote attacks. The exploit for this vulnerability has been publicly disclosed.

Recommendations Metasoft MetaCRM versions prior to 6.4.2: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Improper Access Control

Unrestricted File Upload

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-284CWE-434

Related Identifiers

CVE-2025-7877

Affected Products

Metacrm

CVE-2025-7877

Weakness Enumeration

Related Identifiers

Affected Products

References · 13