CVE-2025-7873 in MetaCRM
Summary
by MITRE • 07/20/2025
A vulnerability was found in Metasoft 美特软件 MetaCRM up to 6.4.2. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file mcc_login.jsp. The manipulation of the argument workerid leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Analysis
by VulDB Data Team • 08/27/2025
This critical vulnerability in Metasoft 美特软件 MetaCRM version 6.4.2 is a severe SQL injection flaw that compromises the system's authentication mechanism. It resides in the mcc_login.jsp file, where the workerid parameter is processed without adequate input validation or sanitization. This allows a malicious actor to manipulate the workerid argument and inject arbitrary SQL into the query the login page executes. Because the flaw is reachable remotely, an attacker can exploit it from outside the network perimeter without local system access or prior authentication credentials.
Exploitation follows the standard SQL injection pattern: the attacker supplies input that alters the structure of the intended SQL statement. When the workerid value is passed to the database without parameterization or input filtering, the attacker can execute unauthorized database operations, which could allow extraction, modification, or deletion of sensitive customer information stored in MetaCRM. The critical rating indicates that the flaw is easy to exploit and can result in complete system compromise or unauthorized access to confidential business data.
The operational impact extends beyond data theft, since the flaw directly undermines the integrity of the customer relationship management system. Organizations running this software face customer data breaches, regulatory compliance violations, and potential financial losses from compromised customer information. Public disclosure of an exploit increases the likelihood of widespread abuse, as threat actors can use the attack without advanced technical skills. The vendor's lack of response to early disclosure also leaves a dangerous gap in remediation.
Mitigation should start with input validation and parameterized queries for the affected login code to prevent SQL injection. Organizations should deploy a web application firewall to monitor and filter SQL injection attempts against the login functionality, and strengthen network segmentation and access controls to limit lateral movement. The vendor must be contacted urgently for a patch or workaround, as the software in its current state presents an unacceptable level of risk. Organizations should also assess their MetaCRM installations and related systems for other SQL injection vulnerabilities.
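The two controls named above, input validation and parameterized queries, are shown here side by side against the pattern the advisory describes. This is an added illustration and not MetaCRM's code: the table, rows, inputs and the allow-list shape for workerid are constructed for the demo, since the real mcc_login.jsp query is not public. A value containing a stray quote makes the concatenated statement fail to parse, which is the observable sign that request data reached the SQL parser; the parameterized lookup treats the same value as data and simply finds no match.

```python
"""
Added example (not MetaCRM's code): a login lookup keyed on a `workerid`
request parameter, written once with string concatenation (the defect
class the advisory describes) and once with allow-list validation plus a
bound parameter. All data here is constructed for the demonstration.
"""
import re
import sqlite3

# Constructed sample rows standing in for a CRM workers table.
_SAMPLE_ROWS = [
    ("w1001", "alice"),
    ("w1002", "bob"),
]


def _connect() -> sqlite3.Connection:
    """Build an in-memory database holding the constructed workers table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE workers (workerid TEXT PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO workers VALUES (?, ?)", _SAMPLE_ROWS)
    return conn


def lookup_worker_vulnerable(conn: sqlite3.Connection, workerid: str):
    """Pattern to avoid: the request value is spliced into the SQL text,
    so whatever the client sends is parsed as SQL rather than as data."""
    sql = "SELECT name FROM workers WHERE workerid = '" + workerid + "'"
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


# Assumed allow-list for this demo: worker ids are short alphanumerics.
_WORKERID_RE = re.compile(r"[A-Za-z0-9]{1,32}")


def workerid_is_valid(workerid: str) -> bool:
    """Input validation: reject anything outside the expected shape before
    it reaches the database layer."""
    return _WORKERID_RE.fullmatch(workerid) is not None


def lookup_worker_safe(conn: sqlite3.Connection, workerid: str):
    """Hardened form: validate first, then bind the value as a parameter so
    the database never interprets it as part of the statement."""
    if not workerid_is_valid(workerid):
        return None
    row = conn.execute(
        "SELECT name FROM workers WHERE workerid = ?", (workerid,)
    ).fetchone()
    return row[0] if row else None


def demo(workerid: str) -> dict:
    """Run both lookups on one input and report what each one did.

    A parse error from the concatenated query shows the input was treated
    as SQL; the parameterized query returns None for the same input."""
    conn = _connect()
    result = {"valid": workerid_is_valid(workerid)}
    try:
        result["vulnerable"] = lookup_worker_vulnerable(conn, workerid)
    except sqlite3.OperationalError as exc:
        result["vulnerable"] = "SQL parse error: " + str(exc)
    result["safe"] = lookup_worker_safe(conn, workerid)
    conn.close()
    return result


if __name__ == "__main__":
    # Constructed inputs: a valid id, an id with a stray quote, an id with a space.
    for wid in ("w1001", "w1001'", "w 1001"):
        print(repr(wid), "->", demo(wid))
```

The allow-list regex is an assumption about what a worker id looks like; in a real deployment it should be derived from the application's actual identifier format. The parameterized query is the control that removes the injection, while the validator adds defense in depth and gives a clean point at which to log and alert on rejected values.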
This vulnerability falls under CWE-89 (SQL injection) and represents the common adversary technique of exploiting an application-level flaw to gain unauthorized access. Public exploit details combined with no vendor response make this a high-risk scenario that requires immediate remediation to prevent data breaches and system compromise. Organizations should prioritize updating their MetaCRM installations and adding compensating security controls to protect against this and similar vulnerabilities in their environments.