CVE-2025-7877
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-07-20

Last updated on: 2026-04-29

Assigner: VulDB

Description
A vulnerability, which was classified as critical, has been found in Metasoft 美特软件 MetaCRM up to 6.4.2. This issue affects some unknown processing of the file sendfile.jsp. The manipulation of the argument File leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-07-20
Last Modified
2026-04-29
Generated
2026-05-27
AI Q&A
2025-07-20
EPSS Evaluated
2026-05-25
NVD
CVE-2025-7877
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
metasoft metacrm to 6.4.2 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-434 The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
CWE-284 The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2025-7877 is a critical vulnerability in Metasoft MetaCRM versions up to 6.4.2, specifically in the sendfile.jsp interface. It allows attackers to upload arbitrary files to the server without restrictions by manipulating the 'file' argument. This unrestricted file upload can be exploited remotely without authentication, potentially leading to server compromise and enabling further malicious activities. [1, 2]


How can this vulnerability impact me? :

This vulnerability can impact you by allowing attackers to upload malicious files to your MetaCRM server remotely, which can lead to server compromise. This may result in unauthorized access, data breaches, disruption of services, and further exploitation of your system's confidentiality, integrity, and availability. [1, 2]


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by searching for the presence of the vulnerable sendfile.jsp interface on your MetaCRM system. Attackers may use Google dorking with queries like 'inurl:sendfile.jsp' to find vulnerable targets. On your system, you can check for the existence of the sendfile.jsp file and monitor HTTP requests targeting this endpoint, especially those attempting file uploads. Network monitoring tools or web server logs can be used to identify suspicious upload attempts to sendfile.jsp. Specific commands are not provided in the resources, but searching for the file and monitoring access logs for sendfile.jsp is recommended. [2]


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include replacing the affected MetaCRM product or component, as no vendor patch or countermeasures are currently available. Restricting access to the sendfile.jsp interface, such as by firewall rules or web server configuration, can help reduce exposure. Monitoring and blocking suspicious file upload attempts to sendfile.jsp is also advised. Since the vulnerability allows unrestricted file uploads remotely without authentication, limiting network exposure and applying strict access controls are critical until a secure version or patch is available. [2]


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart