CVE-2025-53639 — CRITICAL (9.8)

Q: How severe is CVE-2025-53639?

CVE-2025-53639 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2025-53639?

Check the references section above for vendor advisories and patch information. Affected products include: Metersphere Metersphere.

Vulnerability Description

MeterSphere is an open source continuous testing platform. Prior to version 3.6.5-lts, the sortField parameter in certain API endpoints is not properly validated or sanitized. An attacker can supply crafted input to inject and execute arbitrary SQL statements through the sorting functionality. This could result in modification or deletion of database contents, with a potential full compromise of the application’s database integrity and availability. Version 3.6.5-lts fixes the issue.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Metersphere	Metersphere	< 3.6.5

Related Weaknesses (CWE)

CWE-89

References

https://github.com/metersphere/metersphere/security/advisories/GHSA-vcm3-5w3f-9fVendor Advisory

FAQ

What is CVE-2025-53639?

CVE-2025-53639 is a vulnerability with a CVSS score of 9.8 (CRITICAL). MeterSphere is an open source continuous testing platform. Prior to version 3.6.5-lts, the sortField parameter in certain API endpoints is not properly validated or sanitized. An attacker can supply c...

How severe is CVE-2025-53639?

CVE-2025-53639 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2025-53639?

Check the references section above for vendor advisories and patch information. Affected products include: Metersphere Metersphere.