Metersphere

1 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest

CVE-2025-53639 CRITICAL Act Now

CVE-2025-53639 is a critical SQL injection vulnerability in MeterSphere's API sorting functionality where the sortField parameter lacks proper input validation and sanitization. All versions prior to 3.6.5-lts are affected, allowing unauthenticated remote attackers to execute arbitrary SQL statements and completely compromise database integrity, availability, and confidentiality. This is a network-exploitable vulnerability with no authentication required and high real-world risk.

SQLi Java Metersphere

NVD GitHub

CVSS 3.1

9.8

EPSS

0.1%

CVE-2025-53639

EPSS 0% CVSS 9.8

CRITICAL Act Now

CVE-2025-53639 is a critical SQL injection vulnerability in MeterSphere's API sorting functionality where the sortField parameter lacks proper input validation and sanitization. All versions prior to 3.6.5-lts are affected, allowing unauthenticated remote attackers to execute arbitrary SQL statements and completely compromise database integrity, availability, and confidentiality. This is a network-exploitable vulnerability with no authentication required and high real-world risk.

SQLi Java Metersphere

NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy