CVE-2025-7878

Name of the Vulnerable Software and Affected Versions Metasoft MetaCRM versions up to 6.4.2

Description A critical vulnerability exists in Metasoft MetaCRM up to version 6.4.2. The issue involves an unrestricted file upload vulnerability located in an unknown function of the /common/jsp/upload2.jsp file. Manipulation of the File argument allows for remote exploitation. The exploit for this vulnerability has been publicly disclosed.

Recommendations Metasoft MetaCRM versions prior to 6.4.2: At the moment, there is no information about a newer version that contains a fix for this vulnerability.