CVE-2025-7880
BaseFortify
Publication date: 2025-07-20
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| metasoft | metacrm | to 6.4.2 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-434 | The product allows the upload or transfer of dangerous file types that are automatically processed within its environment. |
| CWE-284 | The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-7880 is an unrestricted file upload vulnerability in MetaCRM version 6.4.2, specifically in the /business/common/sms/sendsms.jsp interface. It allows attackers to remotely upload arbitrary files, including malicious scripts like .jsp, .php, or .asp, without authentication. Once uploaded, these files can be executed on the server, enabling attackers to control the server remotely, execute system commands, and access or modify sensitive data. [1, 2]
How can this vulnerability impact me? :
This vulnerability can have severe impacts including unauthorized remote control of the affected server, allowing attackers to view, modify, or delete files, execute system commands, and steal sensitive information such as database credentials and user data. It compromises the confidentiality, integrity, and availability of the system, potentially disrupting enterprise operations and exposing critical data. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by searching for the presence of the vulnerable endpoint /business/common/sms/sendsms.jsp on your systems or network. You can use web server logs or network monitoring tools to identify requests to this URL. Additionally, using Google dorking with the query `inurl:business/common/sms/sendsms.jsp` can help identify exposed instances. To detect exploitation attempts, monitor for unusual file upload activity targeting the 'file' argument on this endpoint. Commands such as `curl` or `wget` can be used to test the endpoint manually, for example: `curl -X POST -F "[email protected]" http://target/business/common/sms/sendsms.jsp` (in a controlled environment). Also, scanning your web servers for uploaded suspicious files like .jsp, .php, or .asp in upload directories may help detect exploitation. [2, 1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting or disabling access to the vulnerable endpoint /business/common/sms/sendsms.jsp to prevent file uploads. If possible, apply strict input validation and file type restrictions on the 'file' argument to prevent uploading of executable scripts. Since no vendor patch or official mitigation is available, consider isolating or replacing the affected MetaCRM version 6.4.2 with a secure alternative. Monitoring and blocking suspicious upload attempts and removing any uploaded malicious files are also recommended to reduce risk. [2]