CVE-2025-7873

A vulnerability was found in Metasoft 美特软件 MetaCRM up to 6.4.2. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file mcc_login.jsp. The manipulation of the argument workerid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
References
Link Resource
https://github.com/FightingLzn9/vul/blob/main/MetaCRM6-SQLI-1.md Exploit Third Party Advisory
https://vuldb.com/?ctiid.316987 Permissions Required VDB Entry
https://vuldb.com/?id.316987 Third Party Advisory VDB Entry
https://vuldb.com/?submit.611043 Third Party Advisory VDB Entry
https://github.com/FightingLzn9/vul/blob/main/MetaCRM6-SQLI-1.md Exploit Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:metasoft:metacrm:*:*:*:*:*:*:*:*

History

27 Aug 2025, 17:52

Type Values Removed Values Added
References () https://github.com/FightingLzn9/vul/blob/main/MetaCRM6-SQLI-1.md - () https://github.com/FightingLzn9/vul/blob/main/MetaCRM6-SQLI-1.md - Exploit, Third Party Advisory
References () https://vuldb.com/?ctiid.316987 - () https://vuldb.com/?ctiid.316987 - Permissions Required, VDB Entry
References () https://vuldb.com/?id.316987 - () https://vuldb.com/?id.316987 - Third Party Advisory, VDB Entry
References () https://vuldb.com/?submit.611043 - () https://vuldb.com/?submit.611043 - Third Party Advisory, VDB Entry
First Time Metasoft
Metasoft metacrm
CPE cpe:2.3:a:metasoft:metacrm:*:*:*:*:*:*:*:*

22 Jul 2025, 14:15

Type Values Removed Values Added
References () https://github.com/FightingLzn9/vul/blob/main/MetaCRM6-SQLI-1.md - () https://github.com/FightingLzn9/vul/blob/main/MetaCRM6-SQLI-1.md -

22 Jul 2025, 13:06

Type Values Removed Values Added
Summary
  • (es) Se encontró una vulnerabilidad en Metasoft ???? MetaCRM hasta la versión 6.4.2. Se ha declarado crítica. Esta vulnerabilidad afecta a una funcionalidad desconocida del archivo mcc_login.jsp. La manipulación del argumento "workerid" provoca una inyección SQL. El ataque puede ejecutarse en remoto. Se ha hecho público el exploit y puede que sea utilizado. Se contactó al proveedor con antelación sobre esta divulgación, pero no respondió.

20 Jul 2025, 07:15

Type Values Removed Values Added
New CVE

Information

Published : 2025-07-20 07:15

Updated : 2025-08-27 17:52


NVD link : CVE-2025-7873

Mitre link : CVE-2025-7873

CVE.ORG link : CVE-2025-7873


JSON object : View

Products Affected

metasoft

  • metacrm
CWE
CWE-74

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')