Login Sign Up

CVE-2025-7879

6.3 MEDIUM
Remote Code Execution

📋 TL;DR

This vulnerability allows remote attackers to upload arbitrary files to Metasoft MetaCRM systems via the mobileupload.jsp endpoint. Affected are all MetaCRM versions up to 6.4.2, potentially enabling attackers to execute malicious code or compromise the system.

💻 Affected Systems

Products:
  • Metasoft MetaCRM
Versions: up to 6.4.2
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the mobileupload.jsp file specifically; any system with this file accessible is vulnerable.

📦 What is this software?

Metacrm by Metasoft

View all CVEs affecting Metacrm →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise via remote code execution, data theft, and lateral movement within the network.

🟠

Likely Case

Web shell deployment leading to data exfiltration, credential harvesting, and further exploitation of the compromised system.

🟢

If Mitigated

Limited impact with proper file upload validation, web application firewalls, and network segmentation in place.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit details are publicly available on GitHub, making this easily exploitable by attackers.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None known

Restart Required: No

Instructions:

No official patch available; vendor has not responded to disclosure. Consider workarounds or alternative solutions.

🔧 Temporary Workarounds

Block mobileupload.jsp Access

all

Restrict access to the vulnerable file via web server configuration or firewall rules.

# Apache: <Location /mobileupload.jsp> Require all denied </Location>
# Nginx: location = /mobileupload.jsp { deny all; }

Implement File Upload Validation

all

Add server-side validation to restrict file types, extensions, and content for uploads.

🧯 If You Can't Patch

  • Deploy a web application firewall (WAF) with rules to block malicious file upload attempts.
  • Isolate the MetaCRM system in a segmented network zone with strict inbound/outbound controls.

🔍 How to Verify

Check if Vulnerable:

Check if mobileupload.jsp exists and is accessible via HTTP requests; test file upload functionality.

Check Version:

Check MetaCRM version in admin panel or configuration files; version <= 6.4.2 indicates vulnerability.

Verify Fix Applied:

Verify that mobileupload.jsp is no longer accessible or that file uploads are properly validated.

📡 Detection & Monitoring

Log Indicators:

  • Unusual POST requests to mobileupload.jsp
  • Uploads of suspicious file types (e.g., .jsp, .php, .exe)
  • Increased error logs from file validation failures

Network Indicators:

  • HTTP traffic to mobileupload.jsp with file uploads
  • Outbound connections from MetaCRM to unknown IPs post-exploit

SIEM Query:

source="web_logs" AND uri="/mobileupload.jsp" AND method="POST" AND (file_extension="jsp" OR file_extension="php" OR file_extension="exe")

📊 Metadata

CVE ID: CVE-2025-7879
CVSS v3 Score: 6.3 (MEDIUM)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
CWE: CWE-284
EPSS Score: 0.06% exploit probability (17.8th percentile)
Published: July 20, 2025
Last Updated: August 27, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-7879, you might also want to check these:

CVE-2021-34795 10.0

This critical vulnerability in Cisco Catalyst PON Series Switches ONT web management interface allow...

Same vulnerability type (CWE-284)
CVE-2021-40113 10.0

Multiple vulnerabilities in Cisco Catalyst PON Series Switches ONT web management interface allow un...

Same vulnerability type (CWE-284)
CVE-2026-21636 10.0

A critical vulnerability in Node.js v25's experimental permission model allows attacker-controlled i...

Same vulnerability type (CWE-284)