Skip to main content

Metersphere

17 CVEs product

Monthly

CVE-2025-53639 CRITICAL PATCH Act Now

CVE-2025-53639 is a critical SQL injection vulnerability in MeterSphere's API sorting functionality where the sortField parameter lacks proper input validation and sanitization. All versions prior to 3.6.5-lts are affected, allowing unauthenticated remote attackers to execute arbitrary SQL statements and completely compromise database integrity, availability, and confidentiality. This is a network-exploitable vulnerability with no authentication required and high real-world risk.

SQLi Java Metersphere
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2024-37161 MEDIUM POC This Month

MeterSphere is an open source continuous testing platform. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Metersphere
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-36118 MEDIUM This Month

MeterSphere is a test management and interface testing tool. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Metersphere
NVD GitHub
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-32467 MEDIUM POC This Month

MeterSphere is an open source continuous testing platform. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Metersphere
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-50267 MEDIUM This Month

MeterSphere is a one-stop open source continuous testing platform. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Metersphere
NVD GitHub
CVSS 3.1
4.3
EPSS
0.3%
CVE-2023-41878 CRITICAL PATCH Act Now

MeterSphere is a one-stop open source continuous testing platform, covering functions such as test tracking, interface testing, UI testing and performance testing. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use of Hard-coded Credentials vulnerability could allow attackers to gain access using credentials embedded in source code.

Authentication Bypass Metersphere
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-38494 HIGH POC PATCH This Week

MeterSphere is an open-source continuous testing platform. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Metersphere
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-37461 CRITICAL POC Act Now

Metersphere is an opensource testing framework. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Metersphere
NVD GitHub
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-35937 HIGH POC This Week

Metersphere is an open source continuous testing platform. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Metersphere
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-32699 MEDIUM POC PATCH This Month

MeterSphere is an open source continuous testing platform. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Metersphere
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-29944 CRITICAL POC Act Now

Metersphere v1.20.20-lts-79d354a6 is vulnerable to Remote Command Execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Metersphere
NVD GitHub
CVSS 3.1
9.8
EPSS
2.1%
CVE-2023-30550 MEDIUM POC This Month

MeterSphere is an open source continuous testing platform, covering functions such as test tracking, interface testing, UI testing, and performance testing. Rated medium severity (CVSS 4.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Metersphere
NVD GitHub
CVSS 3.1
4.5
EPSS
0.7%
CVE-2023-25814 MEDIUM POC This Month

metersphere is an open source continuous testing platform. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Metersphere
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2023-25573 HIGH POC THREAT This Week

metersphere is an open source continuous testing platform. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Metersphere
NVD GitHub
CVSS 3.1
7.5
EPSS
49.9%
CVE-2022-46178 Maven HIGH POC PATCH This Week

MeterSphere is a one-stop open source continuous testing platform, covering test management, interface testing, UI testing and performance testing. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Metersphere
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2022-23544 MEDIUM POC PATCH This Month

MeterSphere is a one-stop open source continuous testing platform, covering test management, interface testing, UI testing and performance testing. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SSRF XSS Metersphere
NVD GitHub
CVSS 3.1
6.1
EPSS
1.6%
CVE-2022-23512 HIGH POC This Week

MeterSphere is a one-stop open source continuous testing platform. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Metersphere
NVD GitHub
CVSS 3.1
8.1
EPSS
0.8%
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

CVE-2025-53639 is a critical SQL injection vulnerability in MeterSphere's API sorting functionality where the sortField parameter lacks proper input validation and sanitization. All versions prior to 3.6.5-lts are affected, allowing unauthenticated remote attackers to execute arbitrary SQL statements and completely compromise database integrity, availability, and confidentiality. This is a network-exploitable vulnerability with no authentication required and high real-world risk.

SQLi Java Metersphere
NVD GitHub
EPSS 0% CVSS 6.1
MEDIUM POC This Month

MeterSphere is an open source continuous testing platform. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Metersphere
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM This Month

MeterSphere is a test management and interface testing tool. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Metersphere
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC This Month

MeterSphere is an open source continuous testing platform. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Metersphere
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM This Month

MeterSphere is a one-stop open source continuous testing platform. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Metersphere
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

MeterSphere is a one-stop open source continuous testing platform, covering functions such as test tracking, interface testing, UI testing and performance testing. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use of Hard-coded Credentials vulnerability could allow attackers to gain access using credentials embedded in source code.

Authentication Bypass Metersphere
NVD GitHub
EPSS 0% CVSS 7.5
HIGH POC PATCH This Week

MeterSphere is an open-source continuous testing platform. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Metersphere
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

Metersphere is an opensource testing framework. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Metersphere
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC This Week

Metersphere is an open source continuous testing platform. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Metersphere
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC PATCH This Month

MeterSphere is an open source continuous testing platform. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Metersphere
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

Metersphere v1.20.20-lts-79d354a6 is vulnerable to Remote Command Execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Metersphere
NVD GitHub
EPSS 1% CVSS 4.5
MEDIUM POC This Month

MeterSphere is an open source continuous testing platform, covering functions such as test tracking, interface testing, UI testing, and performance testing. Rated medium severity (CVSS 4.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Metersphere
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC This Month

metersphere is an open source continuous testing platform. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Metersphere
NVD GitHub
EPSS 50% CVSS 7.5
HIGH POC THREAT This Week

metersphere is an open source continuous testing platform. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Metersphere
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC PATCH This Week

MeterSphere is a one-stop open source continuous testing platform, covering test management, interface testing, UI testing and performance testing. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Metersphere
NVD GitHub
EPSS 2% CVSS 6.1
MEDIUM POC PATCH This Month

MeterSphere is a one-stop open source continuous testing platform, covering test management, interface testing, UI testing and performance testing. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SSRF XSS Metersphere
NVD GitHub
EPSS 1% CVSS 8.1
HIGH POC This Week

MeterSphere is a one-stop open source continuous testing platform. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Metersphere
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy