CVE-2025-7876
BaseFortify

Publication date: 2025-07-20

Last updated on: 2026-04-29

Assigner: VulDB

Description
A vulnerability classified as critical was found in Metasoft 美特软件 MetaCRM up to 6.4.2. This vulnerability affects the function AnalyzeParam of the file download.jsp. The manipulation of the argument p leads to deserialization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Meta Information
Published: 2025-07-20
Last Modified: 2026-04-29
Generated: 2026-05-27
AI Q&A: 2025-07-20
EPSS Evaluated: 2026-05-25
Affected Vendors & Products
Vendor    Product   Version / Range
metasoft  metacrm   up to 6.4.2 (inclusive)
CWE ID   Description
CWE-502  The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.
CWE-20   The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2025-7876 is a critical deserialization vulnerability in the MetaCRM software by Metasoft, affecting versions up to 6.4.2. It occurs in the AnalyzeParam function of the download.jsp file, where the argument 'p' is improperly handled and deserialized without sufficient validation. This flaw allows an attacker to remotely execute arbitrary code on the server hosting MetaCRM by sending crafted deserialization payloads, potentially taking full control of the system. [1, 2]


How can this vulnerability impact me?

This vulnerability can have severe impacts including remote code execution, which allows attackers to take over the server running MetaCRM. It compromises the confidentiality, integrity, and availability of the system, potentially leading to data breaches, unauthorized access, data manipulation, and service disruption. Since no authentication is required to exploit this flaw and a public proof-of-concept exploit exists, the risk is significant. [1, 2]


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by identifying instances of MetaCRM versions up to 6.4.2 running the vulnerable download.jsp component. One method is to use Google dorking with queries like "inurl:download.jsp" to find potentially vulnerable targets. On your network or system, you can scan for HTTP requests or URLs containing "download.jsp" and specifically check if the AnalyzeParam parameter or argument "p" is being used or manipulated. Since the vulnerability involves deserialization of the "p" parameter, monitoring web server logs for suspicious or crafted payloads targeting download.jsp could help detect exploitation attempts. Specific commands might include using curl or wget to test the endpoint, for example: curl -v "http://target/download.jsp?p=payload" to observe responses. Network scanning tools or web vulnerability scanners that can detect deserialization flaws or identify MetaCRM versions might also be used. [2]


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include restricting or blocking access to the vulnerable download.jsp endpoint, especially the AnalyzeParam function that processes the "p" parameter, to prevent remote exploitation. Since no official patch or mitigation has been published and the vendor has not responded, consider isolating or disabling the affected MetaCRM service if possible. Monitoring and filtering incoming requests to detect and block malicious payloads targeting deserialization can reduce risk. Ultimately, consider replacing the affected product or upgrading to a non-vulnerable version once available. Applying network-level protections such as web application firewalls (WAFs) with rules to detect deserialization attack patterns may also help mitigate exploitation attempts. [2]

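The log-monitoring approach the two answers above recommend, worked out as an added example; this is not code from the page, from BaseFortify or from Metasoft. It assumes a combined-format web-server access log, that MetaCRM is a Java application (download.jsp is a JSP page) so a malicious `p` value would carry a Java serialized stream, and that the value arrives percent-encoded in the query string (a POST body never reaches the access log, so that delivery path needs a request-body sensor instead). Java's serialization stream header `AC ED 00 05` (`rO0AB` when base64-encoded) is the standard indicator of CWE-502 traffic; the 512-byte length threshold and the sample log lines are constructed for illustration.

```python
"""Scan access-log lines for requests that hand a Java serialized stream to
download.jsp through the `p` query parameter (CWE-502 indicator for CVE-2025-7876)."""
import base64
import binascii
import re
from typing import List, Optional
from urllib.parse import unquote_to_bytes, urlsplit

# Combined / common log format; only the fields the check needs are captured.
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

JAVA_SERIAL_MAGIC = b"\xac\xed\x00\x05"  # STREAM_MAGIC + STREAM_VERSION of java.io serialization
VULNERABLE_PATH = "download.jsp"           # endpoint named in the advisory
LONG_VALUE = 512                           # assumption: file names are short, object blobs are not


def _query_param(target: str, name: str) -> Optional[str]:
    """Return the still-percent-encoded value of `name` from a request target."""
    for pair in urlsplit(target).query.split("&"):
        key, _, value = pair.partition("=")
        if key == name:
            return value
    return None


def _looks_like_java_stream(value: str) -> Optional[str]:
    """Return why a `p` value looks like a serialized Java object, or None."""
    raw = unquote_to_bytes(value)
    if raw.startswith(JAVA_SERIAL_MAGIC):
        return "raw Java serialization header (AC ED 00 05) in p"
    # Base64 variant: decoding the first 8 characters yields the first 6 bytes,
    # which is enough to see the header. Url-safe alphabet is mapped to standard.
    head = raw[:8].decode("latin-1").replace("-", "+").replace("_", "/")
    try:
        decoded = base64.b64decode(head + "=" * (-len(head) % 4), validate=True)
        if decoded.startswith(JAVA_SERIAL_MAGIC):
            return "base64 Java serialization header (rO0AB...) in p"
    except (binascii.Error, ValueError):
        pass  # not base64 at all, so not the encoded form of the header
    if len(raw) > LONG_VALUE:
        return f"unusually long p value ({len(raw)} bytes)"
    return None


def analyze_line(line: str) -> Optional[dict]:
    """Return a finding for one log line, or None if it is not suspicious."""
    m = LOG_RE.match(line)
    if not m:
        return None
    target = m.group("target")
    if not urlsplit(target).path.lower().endswith(VULNERABLE_PATH):
        return None
    value = _query_param(target, "p")
    if value is None:
        return None
    reason = _looks_like_java_stream(value)
    if reason is None:
        return None
    return {"client": m.group("client"), "time": m.group("ts"),
            "status": m.group("status"), "reason": reason}


def scan_log(lines) -> List[dict]:
    """Run analyze_line over an iterable of log lines and keep the findings."""
    return [f for f in (analyze_line(line) for line in lines) if f]


# Constructed sample log: one benign download, two header-bearing requests,
# one serialized blob aimed at a different page, and one oversized value.
SAMPLE_LOG = [
    '10.0.0.5 - - [20/Jul/2025:10:01:02 +0000] "GET /download.jsp?p=quarterly_report.pdf HTTP/1.1" 200 4821',
    '10.0.0.9 - - [20/Jul/2025:10:03:15 +0000] "GET /download.jsp?p=rO0ABXNyAAAAAAAAAAAAAAAAAAAAAAAAAAAA HTTP/1.1" 500 212',
    '10.0.0.9 - - [20/Jul/2025:10:03:16 +0000] "GET /download.jsp?p=%AC%ED%00%05sr%00%11AAAA HTTP/1.1" 500 212',
    '10.0.0.7 - - [20/Jul/2025:10:04:40 +0000] "GET /index.jsp?p=rO0ABXNyAAAA HTTP/1.1" 200 1033',
    '10.0.0.3 - - [20/Jul/2025:10:05:01 +0000] "GET /download.jsp?p=' + "A" * 600 + ' HTTP/1.1" 200 10',
]

if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print(f'{finding["time"]} {finding["client"]} HTTP {finding["status"]}: {finding["reason"]}')
```

The header check is deliberately narrow so it produces few false positives on ordinary file names; the length check is the coarse net for encodings the header test does not recognise. To run it against a real log, replace `SAMPLE_LOG` with the lines of the server's access log, and pair it with request-body inspection (for example at a reverse proxy or WAF) if the application also accepts `p` in POST bodies.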
