Unrated severityNVD Advisory· Published Oct 22, 2025· Updated Oct 27, 2025

MeterSphere logic flaw allows retrieval of arbitrary user information

CVE-2025-62604

Description

MeterSphere is an open source continuous testing platform. Prior to version 2.10.25-lts, a logic flaw allows retrieval of arbitrary user information. This allows an unauthenticated attacker to log in to the system as any user. This issue has been patched in version 2.10.25-lts.

Affected products

MeterSphere/MeterSpherellm-create
Range: < 2.10.25-lts
metersphere/meterspherev5
Range: < 2.10.25-lts

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/metersphere/metersphere/commit/b984fe74e84711ff326b0a348807c31fadf134afmitrex_refsource_MISC
github.com/metersphere/metersphere/releases/tag/v2.10.25-ltsmitrex_refsource_MISC
github.com/metersphere/metersphere/security/advisories/GHSA-vj5x-7374-rf96mitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000