Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2025-62604
PUBLISHED
More InfoOfficial Page
Assigner-GitHub_M
Assigner Org ID-a0819718-46f1-4df5-94e2-005712e83aaa
View Known Exploited Vulnerability (KEV) details
Published At-22 Oct, 2025 | 15:03
Updated At-27 Oct, 2025 | 13:34
Rejected At-
▼CVE Numbering Authority (CNA)
MeterSphere logic flaw allows retrieval of arbitrary user information

MeterSphere is an open source continuous testing platform. Prior to version 2.10.25-lts, a logic flaw allows retrieval of arbitrary user information. This allows an unauthenticated attacker to log in to the system as any user. This issue has been patched in version 2.10.25-lts.

Affected Products
Vendor
MeterSphere (FIT2CLOUD Inc.)metersphere
Product
metersphere
Versions
Affected
  • < 2.10.25-lts
Problem Types
TypeCWE IDDescription
CWECWE-200CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
Type: CWE
CWE ID: CWE-200
Description: CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
Metrics
VersionBase scoreBase severityVector
4.05.3MEDIUM
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:L/SC:H/SI:L/SA:L
Version: 4.0
Base score: 5.3
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:L/SC:H/SI:L/SA:L
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/metersphere/metersphere/security/advisories/GHSA-vj5x-7374-rf96
x_refsource_CONFIRM
https://github.com/metersphere/metersphere/commit/b984fe74e84711ff326b0a348807c31fadf134af
x_refsource_MISC
https://github.com/metersphere/metersphere/releases/tag/v2.10.25-lts
x_refsource_MISC
Hyperlink: https://github.com/metersphere/metersphere/security/advisories/GHSA-vj5x-7374-rf96
Resource:
x_refsource_CONFIRM
Hyperlink: https://github.com/metersphere/metersphere/commit/b984fe74e84711ff326b0a348807c31fadf134af
Resource:
x_refsource_MISC
Hyperlink: https://github.com/metersphere/metersphere/releases/tag/v2.10.25-lts
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Details not found