QwikSec

Security Database

CVE

CWE

Training

CVE-2025-62604

Published: Oct 22, 2025

Modified: Oct 27, 2025

PUBLISHED

Description

MeterSphere is an open source continuous testing platform. Prior to version 2.10.25-lts, a logic flaw allows retrieval of arbitrary user information. This allows an unauthenticated attacker to log in to the system as any user. This issue has been patched in version 2.10.25-lts.

Vendor	Product	Versions
metersphere	metersphere	affected `< 2.10.25-lts`

Weaknesses (CWE)

References

https://github.com/metersphere/metersphere/security/advisories/GHSA-vj5x-7374-rf96

x_refsource_CONFIRM

https://github.com/metersphere/metersphere/commit/b984fe74e84711ff326b0a348807c31fadf134af

x_refsource_MISC

https://github.com/metersphere/metersphere/releases/tag/v2.10.25-lts

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.