CVE-2025-53639 Information
Jul 15, 2025
cve
Description
MeterSphere is an open source continuous testing platform. Prior to version 3.6.5-lts, the sortField parameter in certain API endpoints is not properly validated or sanitized. An attacker can supply crafted input to inject and execute arbitrary SQL statements through the sorting functionality. This could result in modification or deletion of database contents, with a potential full compromise of the application's database integrity and availability. Version 3.6.5-lts fixes the issue.
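The root cause described above is a sort parameter spliced into an ORDER BY clause, where bound parameters cannot be used. The following added example (not MeterSphere's code; the table, column names and request values are constructed for the demo) contrasts that weak pattern with an allowlist mapping from request value to fixed column name, which is the standard fix for this class of bug.

```python
import sqlite3

# Allowlists: request-side names map to fixed SQL identifiers. Only these
# strings ever reach the statement text; the raw request value never does.
ALLOWED_SORT_FIELDS = {"name": "name", "created": "create_time", "status": "status"}
ALLOWED_DIRECTIONS = {"asc": "ASC", "desc": "DESC"}

# Constructed sample rows (id, name, create_time, status); not a real schema.
SAMPLE_ROWS = [(1, "login", 300, "open"), (2, "checkout", 100, "closed"), (3, "search", 200, "open")]


def build_order_by_unsafe(sort_field: str) -> str:
    # Weak pattern: the caller-controlled value becomes part of the SQL text,
    # so anything beyond a bare column name is interpreted as SQL.
    return f"SELECT id, name FROM test_case ORDER BY {sort_field}"


def build_order_by_safe(sort_field: str, direction: str = "asc") -> str:
    # Hardened pattern: resolve the request value through the allowlist and
    # reject anything that is not an exact key, before any SQL is assembled.
    column = ALLOWED_SORT_FIELDS.get(sort_field.lower())
    order = ALLOWED_DIRECTIONS.get(direction.lower())
    if column is None or order is None:
        raise ValueError(f"unsupported sort parameter: {sort_field!r} {direction!r}")
    return f"SELECT id, name FROM test_case ORDER BY {column} {order}"


def is_accepted(sort_field: str, direction: str = "asc") -> bool:
    # Convenience check for callers that want a boolean instead of an exception.
    try:
        build_order_by_safe(sort_field, direction)
        return True
    except ValueError:
        return False


def sorted_names(sort_field: str, direction: str = "asc") -> list:
    # Runs the hardened query against an in-memory table and returns the names in order.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE test_case (id INTEGER, name TEXT, create_time INTEGER, status TEXT)")
    conn.executemany("INSERT INTO test_case VALUES (?, ?, ?, ?)", SAMPLE_ROWS)
    rows = conn.execute(build_order_by_safe(sort_field, direction)).fetchall()
    conn.close()
    return [name for _, name in rows]


if __name__ == "__main__":
    print(sorted_names("created", "desc"))
    print(is_accepted("create_time"), is_accepted("name, status"))
```

Note that the allowlist deliberately rejects the real column name `create_time` as a request value: the mapping is the only path from input to identifier, so the set of reachable SQL strings is fixed at development time.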
Reference
https://github.com/metersphere/metersphere/security/advisories/GHSA-vcm3-5w3f-9f45
Related CNNVD
CNNVD-202507-1919 (Published: 2025-07-14)