
CVE-2025-53639

Medium

Published: 14 July 2025
Modified: 11 September 2025
KEV Added: not listed
CVSS v4 score: 5.1 (CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS score: 0.0032 (55.2th percentile)
Risk Priority: 10 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2025-53639 is a medium-severity SQL Injection (CWE-89) vulnerability in MeterSphere. Its CVSS v4 base score is 5.1 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE is ranked in the top 44.8% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2025-53639 is a SQL injection vulnerability (CWE-89) affecting MeterSphere, an open source continuous testing platform. In versions prior to 3.6.5-lts, the sortField parameter in certain API endpoints is not properly validated or sanitized, so an attacker can inject and execute arbitrary SQL statements through the sorting functionality. Because a sort column is an SQL identifier rather than a value, it cannot be passed as a bound parameter; the server must instead restrict it to a fixed set of permitted columns. This flaw carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity due to its potential for high impact on confidentiality, integrity, and availability.

Unauthenticated remote attackers can exploit this vulnerability by supplying crafted input to the affected API endpoints, enabling arbitrary SQL execution. Successful exploitation could lead to modification or deletion of database contents, resulting in full compromise of the application's database integrity and availability.

The GitHub security advisory (GHSA-vcm3-5w3f-9f45) confirms that upgrading to version 3.6.5-lts resolves the issue by addressing the improper validation of the sortField parameter. Security practitioners should prioritize patching affected MeterSphere instances to mitigate this risk.
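The defensive pattern the advisory points at, as an added example that is not MeterSphere's own code: a sort parameter is an identifier, so the fix is an allowlist that maps client-supplied sort keys to known column names before any SQL text is built. The table, column names and sample rows below are constructed for the demonstration; the unsafe builder is shown only to contrast it with the hardened one.

```python
import sqlite3

# Allowlist of client-facing sort keys mapped to real column identifiers.
# Anything not in this table is rejected before it reaches the SQL text.
SORTABLE_COLUMNS = {
    "name": "name",
    "created": "created_at",
    "status": "status",
}
SORT_DIRECTIONS = {"asc": "ASC", "desc": "DESC"}


def build_order_by_unsafe(sort_field: str, direction: str) -> str:
    """Vulnerable pattern (the CWE-89 shape described above): the
    client-controlled sort field is concatenated straight into the query."""
    return f"SELECT id, name FROM test_case ORDER BY {sort_field} {direction}"


def build_order_by_safe(sort_field: str, direction: str) -> str:
    """Hardened pattern: the client may only choose a key from the allowlist;
    the column identifier and direction come from server-side tables."""
    column = SORTABLE_COLUMNS.get(sort_field)
    order = SORT_DIRECTIONS.get(direction.lower())
    if column is None or order is None:
        raise ValueError(f"unsupported sort parameter: {sort_field!r}/{direction!r}")
    return f'SELECT id, name FROM test_case ORDER BY "{column}" {order}'


def accepts_sort(sort_field: str, direction: str = "asc") -> bool:
    """True if the hardened builder would accept these sort parameters."""
    try:
        build_order_by_safe(sort_field, direction)
        return True
    except ValueError:
        return False


def sorted_names(sort_field: str, direction: str = "asc") -> list:
    """Run the hardened query against a small constructed in-memory table."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        "CREATE TABLE test_case (id INTEGER, name TEXT, created_at INTEGER, status TEXT);"
        "INSERT INTO test_case VALUES (1, 'login', 30, 'pass'),"
        " (2, 'checkout', 10, 'fail'), (3, 'search', 20, 'pass');"
    )
    try:
        rows = conn.execute(build_order_by_safe(sort_field, direction)).fetchall()
    finally:
        conn.close()
    return [name for _, name in rows]


if __name__ == "__main__":
    # Constructed input: valid SQL, but not a plain field name. The unsafe
    # builder embeds it verbatim; the hardened builder refuses it.
    print(build_order_by_unsafe("created_at, status", "asc"))
    print(accepts_sort("created_at, status"))  # False
    print(sorted_names("created", "desc"))      # ['login', 'search', 'checkout']
```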


Vulnerability details

MeterSphere is an open source continuous testing platform. Prior to version 3.6.5-lts, the sortField parameter in certain API endpoints is not properly validated or sanitized. An attacker can supply crafted input to inject and execute arbitrary SQL statements through the sorting functionality. This could result in modification or deletion of database contents, with a potential full compromise of the application's database integrity and availability. Version 3.6.5-lts fixes the issue.

CWE(s): CWE-89 (SQL Injection)

Related Threats

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

Why these techniques?

Direct unauthenticated remote SQL injection in public API endpoints of a web platform maps cleanly to exploitation of public-facing applications.

Confidence: HIGH (MITRE ATT&CK Enterprise v18.1)

CVEs Like This One (shared CWE-89)

CVE-2026-39334
CVE-2024-13488
CVE-2026-20002
CVE-2025-1446
CVE-2025-22699
CVE-2026-36232
CVE-2026-31871
CVE-2026-33078
CVE-2026-46359
CVE-2025-22691

Affected Assets

Vendor: metersphere
Product: metersphere
Versions: ≤ 3.6.5

Mitigating Controls (NIST 800-53 r5)

SI-10 Information Input Validation (prevent)

Directly requires validation and sanitization of user-supplied inputs like the sortField parameter to prevent SQL injection attacks.

SI-2 Flaw Remediation (prevent)

Ensures timely flaw remediation by patching MeterSphere to version 3.6.5-lts, which fixes the improper sortField validation.

RA-5 Vulnerability Monitoring and Scanning (prevent)

Vulnerability scanning identifies SQL injection flaws in API endpoints, such as the sortField parameter, before they are exploited.