CVE-2025-7873
BaseFortify
Publication date: 2025-07-20
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| metasoft | metacrm | to 6.4.2 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-89 | The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data. |
| CWE-74 | The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-7873 is a critical SQL injection vulnerability in Metasoft MetaCRM up to version 6.4.2, specifically in the mcc_login.jsp file. It occurs because the 'workerid' parameter is not properly sanitized, allowing attackers to inject malicious SQL commands. This flaw enables attackers to manipulate the database queries executed by the system, potentially leading to unauthorized access or data manipulation. The vulnerability can be exploited remotely without authentication, and a proof-of-concept exploit is publicly available. [1, 2]
How can this vulnerability impact me? :
This vulnerability can impact you by compromising the confidentiality, integrity, and availability of your MetaCRM system. An attacker exploiting this SQL injection can access, modify, or delete sensitive data in the database, potentially leading to data breaches, loss of data integrity, or disruption of services. Since the attack can be launched remotely without authentication, it poses a significant risk to the security and operation of affected systems. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by searching for the vulnerable login interface using Google dorking with the query "inurl:mcc_login.jsp" to identify exposed targets. Additionally, testing the 'workerid' parameter in the mcc_login.jsp file for SQL injection by injecting typical SQL payloads can help detect exploitation. Since a proof-of-concept exploit is publicly available on GitHub, it can be used to verify the presence of the vulnerability. Specific commands are not provided, but using tools like curl or sqlmap targeting the 'workerid' parameter in the mcc_login.jsp endpoint would be appropriate. [1]
What immediate steps should I take to mitigate this vulnerability?
No official mitigations or countermeasures have been published by the vendor. The suggested immediate step is to replace the affected component (MetaCRM up to version 6.4.2) with an alternative product that is not vulnerable. Additionally, restricting access to the vulnerable mcc_login.jsp interface and monitoring for suspicious activity may help reduce risk until a fix or patch is available. [1]