CVE-2025-62604
HIGH
MeterSphere < 2.10.25 - Unauthenticated Exposure of Sensitive User Information
Title source: llm
Description
MeterSphere is an open source continuous testing platform. Prior to version 2.10.25-lts, a logic flaw allows retrieval of arbitrary user information. This allows an unauthenticated attacker to log in to the system as any user. This issue has been patched in version 2.10.25-lts.
References (3)
Core References
Exploit, Third Party Advisory x_refsource_confirm
https://github.com/metersphere/metersphere/security/advisories/GHSA-vj5x-7374-rf96
Patch x_refsource_misc
https://github.com/metersphere/metersphere/commit/b984fe74e84711ff326b0a348807c31fadf134af
Release Notes x_refsource_misc
https://github.com/metersphere/metersphere/releases/tag/v2.10.25-lts
Scores
CVSS v3
7.5
EPSS
0.0039
EPSS Percentile
30.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-200
Status
published
Products (1)
metersphere/metersphere
< 2.10.25
Published
Oct 22, 2025
Tracked Since
Feb 18, 2026