ГлавнаяУязвимости → CVE-2025-62604
7.5высокая

CVE-2025-62604

Описание

MeterSphere is an open source continuous testing platform. Prior to version 2.10.25-lts, a logic flaw allows retrieval of arbitrary user information. This allows an unauthenticated attacker to log in to the system as any user. This issue has been patched in version 2.10.25-lts.

Затрагиваемое ПО
Metersphere Metersphere
CVSS
Балл7.5 — высокая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Источники
https://github.com/metersphere/metersphere/commit/b984fe74e84711ff326b0a348807c31fadf134afhttps://github.com/metersphere/metersphere/releases/tag/v2.10.25-ltshttps://github.com/metersphere/metersphere/security/advisories/GHSA-vj5x-7374-rf96