CVE-2025-7875
BaseFortify

Publication date: 2025-07-20

Last updated on: 2026-04-29

Assigner: VulDB

Description
A vulnerability classified as critical has been found in Metasoft 美特软件 MetaCRM up to 6.4.2. This affects an unknown part of the file /debug.jsp. The manipulation leads to improper authentication. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Meta Information
Published: 2025-07-20
Last Modified: 2026-04-29
Generated: 2026-05-07
AI Q&A: 2025-07-20
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Showing 1 associated CPE
Vendor: metasoft
Product: metacrm
Version / Range: to 6.4.2 (inc)
CWE ID: CWE-287
Description: When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2025-7875 is a critical improper authentication vulnerability in Metasoft 美特软件 MetaCRM versions up to 6.4.2, specifically in the /debug.jsp file. It occurs because the system fails to properly verify the identity of users, allowing remote attackers to bypass authentication without any credentials. This means attackers can access the system without logging in, potentially compromising its confidentiality, integrity, and availability. [1]


How can this vulnerability impact me?

This vulnerability allows remote attackers to bypass authentication easily and without credentials, which can lead to unauthorized access to sensitive data and system functions. As a result, attackers can compromise the confidentiality, integrity, and availability of the affected system, potentially leading to data breaches, data manipulation, or service disruption. [1]


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by scanning for the presence of the vulnerable /debug.jsp file in Metasoft MetaCRM versions up to 6.4.2. One method is to use Google dorking with the query "inurl:debug.jsp" to locate potentially vulnerable targets. On your network or system, you can use tools like curl or wget to check if the /debug.jsp endpoint is accessible without authentication. For example, running a command such as `curl -i http://target-ip/debug.jsp` to see if the page is accessible without credentials may help identify vulnerable instances. [1]


What immediate steps should I take to mitigate this vulnerability?

Since no official patch or fix has been provided by the vendor, immediate mitigation steps include restricting access to the /debug.jsp file, for example by implementing network-level access controls or web server rules to block or limit access to this endpoint. Consider disabling or removing the /debug.jsp file if possible. Additionally, replacing the affected MetaCRM component with an alternative product is suggested to avoid exposure to this critical improper authentication vulnerability. [1]

