CVE-2025-53639

MeterSphere is an open source continuous testing platform. Prior to version 3.6.5-lts, the sortField parameter in certain API endpoints is not properly validated or sanitized. An attacker can supply crafted input to inject and execute arbitrary SQL statements through the sorting functionality. This could result in modification or deletion of database contents, with a potential full compromise of the application’s database integrity and availability. Version 3.6.5-lts fixes the issue.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/metersphere/metersphere/security/advisories/GHSA-vcm3-5w3f-9f45	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:metersphere:metersphere:*:*:*:*:lts:*:*:*

History

11 Sep 2025, 20:47

Type	Values Removed	Values Added
First Time		Metersphere metersphere Metersphere
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 9.8
CPE		cpe:2.3:a:metersphere:metersphere:::::lts:::*
References	~~() https://github.com/metersphere/metersphere/security/advisories/GHSA-vcm3-5w3f-9f45 -~~	() https://github.com/metersphere/metersphere/security/advisories/GHSA-vcm3-5w3f-9f45 - Vendor Advisory

15 Jul 2025, 13:14

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-07-14 20:15

Updated : 2025-09-11 20:47

NVD link : CVE-2025-53639

Mitre link : CVE-2025-53639

CVE.ORG link : CVE-2025-53639

JSON object : View

Products Affected

metersphere

metersphere

CWE

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

{"id": "CVE-2025-53639", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}], "cvssMetricV40": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 5.1, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "UNREPORTED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-07-14T20:15:29.487", "references": [{"url": "https://github.com/metersphere/metersphere/security/advisories/GHSA-vcm3-5w3f-9f45", "tags": ["Vendor Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-89"}]}], "descriptions": [{"lang": "en", "value": "MeterSphere is an open source continuous testing platform. Prior to version 3.6.5-lts, the sortField parameter in certain API endpoints is not properly validated or sanitized. An attacker can supply crafted input to inject and execute arbitrary SQL statements through the sorting functionality. This could result in modification or deletion of database contents, with a potential full compromise of the application\u2019s database integrity and availability. Version 3.6.5-lts fixes the issue."}, {"lang": "es", "value": "MeterSphere es una plataforma de pruebas continuas de c\u00f3digo abierto. Antes de la versi\u00f3n 3.6.5-lts, el par\u00e1metro sortField en ciertos endpoints de la API no se validaba ni depuraba correctamente. Un atacante puede proporcionar una entrada manipulada para inyectar y ejecutar sentencias SQL arbitrarias mediante la funci\u00f3n de ordenaci\u00f3n. Esto podr\u00eda provocar la modificaci\u00f3n o eliminaci\u00f3n del contenido de la base de datos, con la posible vulneraci\u00f3n total de la integridad y disponibilidad de la base de datos de la aplicaci\u00f3n. La versi\u00f3n 3.6.5-lts corrige este problema."}], "lastModified": "2025-09-11T20:47:39.250", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:metersphere:metersphere:*:*:*:*:lts:*:*:*", "vulnerable": true, "matchCriteriaId": "6A1212F3-25E4-4F9D-8C7C-0FDDE838E374", "versionEndExcluding": "3.6.5"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}