CVE-2025-7876

MEDIUM

MetaCRM <6.4.2 - Deserialization

Title source: llm

Description

A vulnerability classified as critical was found in Metasoft 美特软件 MetaCRM up to 6.4.2. This vulnerability affects the function AnalyzeParam of the file download.jsp. The manipulation of the argument p leads to deserialization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

References (4)

Scores

CVSS v3 6.3
EPSS 0.0009
EPSS Percentile 25.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Classification

CWE
CWE-502 CWE-20
Status published

Affected Products (1)

metasoft/metacrm < 6.4.2

Timeline

Published Jul 20, 2025
Tracked Since Feb 18, 2026