Unrated severityNVD Advisory· Published Oct 22, 2025· Updated Oct 27, 2025
MeterSphere logic flaw allows retrieval of arbitrary user information
CVE-2025-62604
Description
MeterSphere is an open source continuous testing platform. Prior to version 2.10.25-lts, a logic flaw allows retrieval of arbitrary user information. This allows an unauthenticated attacker to log in to the system as any user. This issue has been patched in version 2.10.25-lts.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2< 2.10.25-lts+ 1 more
- (no CPE)range: < 2.10.25-lts
- (no CPE)range: < 2.10.25-lts
Patches
Vulnerability mechanics
References
3- github.com/metersphere/metersphere/commit/b984fe74e84711ff326b0a348807c31fadf134afmitrex_refsource_MISC
- github.com/metersphere/metersphere/releases/tag/v2.10.25-ltsmitrex_refsource_MISC
- github.com/metersphere/metersphere/security/advisories/GHSA-vj5x-7374-rf96mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.