4 matches found

Cvelist, added 2025/10/22 3:3 p.m., 7 views

CVE-2025-62604 MeterSphere logic flaw allows retrieval of arbitrary user information

MeterSphere is an open source continuous testing platform. Prior to version 2.10.25-lts, a logic flaw allows retrieval of arbitrary user information. This allows an unauthenticated attacker to log in to the system as any user. This issue has been patched in version 2.10.25-lts...

CVSS 5.3, EPSS 0.00062, Exploits 1, References 3

Cvelist, added 2025/07/14 8:4 p.m., 7 views

CVE-2025-53639 Metersphere has SQL Injection Vulnerability in Sorting Field

MeterSphere is an open source continuous testing platform. Prior to version 3.6.5-lts, the sortField parameter in certain API endpoints is not properly validated or sanitized. An attacker can supply crafted input to inject and execute arbitrary SQL statements through the sorting functionality. Th...

CVSS 7.2, EPSS 0.00317, Exploits 0, References 1

Prion, added 2023/05/30 7:15 p.m., 13 views

Design/Logic Flaw

MeterSphere is an open source continuous testing platform. Version 2.9.1 and prior are vulnerable to denial of service. The checkUserPassword method is used to check whether the password provided by the user matches the password saved in the database, and the CodingUtil.md5 method is used to...

CVSS 4, AI score 6.4, EPSS 0.00253, Exploits 1, References 2, Affected Software 1

Vulnrichment, added 2022/12/27 11:57 p.m., 7 views

CVE-2022-23544 Server-Side Request Forgery in Metersphere leads to Cross-Site Scripting

MeterSphere is a one-stop open source continuous testing platform, covering test management, interface testing, UI testing and performance testing. Versions prior to 2.5.0 are subject to a Server-Side Request Forgery that leads to Cross-Site Scripting. A Server-Side request forgery in...

CVSS 7.2, AI score 7, EPSS 0.23569, Exploits 1, References 2