CNNVD-202507-2548 Information

CNNVD ID

CNNVD-202507-2548

Related CVE

CVE-2025-7876

• CNNVD Published: 2025-07-20

Description (Chinese)

Metasoft MetaCRM是中国美特软件（Metasoft）公司的一款客户关系管理系统软件。 Metasoft MetaCRM 6.4.2及之前版本存在代码问题漏洞，该漏洞源于文件download.jsp中AnalyzeParam函数对参数p处理不当导致反序列化。

Description (English)

Metasoft MetaCRM is a CRM software for MetaSoft. There is a code problem loophole in Metasoft MetaCRM 6.4.2 and previous versions, which stems from the inaccuracy of the AnalyzeParam function in file download.jsp with respect to parameter p resulting in inverse sequenceization.

Hazard Level

High

Vulnerability Type

代码问题

Affected Vendor

美特软件

Published

2025-07-20

Last Modified

2026-02-24

References

https://vuldb.com/?id.316990 https://vuldb.com/?ctiid.316990 https://github.com/FightingLzn9/vul/blob/main/MetaCRM6-RCE-3.md https://vuldb.com/?submit.611048 https://access.redhat.com/security/cve/cve-2025-7876 https://nvd.nist.gov/vuln/detail/CVE-2025-7876