CVE-2025-53639
BaseFortify
Publication date: 2025-07-14
Last updated on: 2025-09-11
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| metersphere | metersphere | to 3.6.5 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-89 | The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a SQL Injection issue in the MeterSphere application (versions up to 3.6.4-lts). It occurs because the 'sortField' parameter in certain API endpoints is not properly validated or sanitized. An attacker can inject malicious SQL code through this parameter, which is directly concatenated into the SQL ORDER BY clause without using prepared statements or a whitelist. This allows execution of arbitrary SQL commands, such as dropping tables or modifying data. [1]
How can this vulnerability impact me? :
The vulnerability can lead to modification or deletion of database contents, potentially resulting in a full compromise of the application's database integrity and availability. This means attackers could alter or destroy data, disrupt service, or gain unauthorized control over the database. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring API requests to MeterSphere for suspicious or malformed `sortField` parameters that include SQL syntax such as semicolons or SQL keywords (e.g., DROP, SELECT). You can use network traffic inspection tools or web server logs to identify such requests. For example, using grep on access logs: `grep -i 'sortField=.*;' access.log` to find requests with potentially malicious input. Additionally, testing the API endpoints with crafted inputs like `?sortField=id; DROP TABLE users;--` in a controlled environment can help confirm the vulnerability. [1]
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to upgrade MeterSphere to version 3.6.5-lts or later, where the vulnerability is fixed. Until the upgrade can be performed, restrict access to the vulnerable API endpoints, implement input validation or filtering on the `sortField` parameter to block suspicious characters or SQL keywords, and monitor logs for exploitation attempts. [1]