CVE-2025-7879 is a vulnerability identified in Metasoft 美特软件's MetaCRM product, specifically affecting versions up to 6.4.2. The vulnerability resides in the mobileupload.jsp file, where manipulation of the 'File' argument allows an attacker to perform an unrestricted file upload. This means that an attacker can remotely upload arbitrary files to the server without proper validation or restrictions. The vulnerability does not require user interaction and can be exploited remotely without authentication, increasing its risk profile. The CVSS 4.0 base score is 5.3, indicating a medium severity level. The vector details show that the attack vector is network-based (AV:N), with low attack complexity (AC:L), no authentication required (AT:N), and no user interaction needed (UI:N). The impact on confidentiality, integrity, and availability is limited (VC:L, VI:L, VA:L), suggesting that while the vulnerability can lead to unauthorized file uploads, the overall damage potential is somewhat constrained, possibly due to environment or application-specific factors. No patches or vendor responses have been reported, and no known exploits are currently observed in the wild. However, the public disclosure of the exploit increases the risk of exploitation. Unrestricted file upload vulnerabilities are critical because they can allow attackers to upload malicious scripts or executables, potentially leading to remote code execution, data breaches, or service disruption depending on the server configuration and file handling. The lack of vendor response and patch availability heightens the urgency for affected organizations to implement mitigations.

For European organizations using MetaCRM up to version 6.4.2, this vulnerability poses a tangible risk of unauthorized access and potential compromise of CRM systems. Given that CRM systems often contain sensitive customer and business data, exploitation could lead to data leakage, reputational damage, and regulatory non-compliance under GDPR. The ability to upload arbitrary files remotely without authentication could allow attackers to deploy web shells or malware, facilitating further lateral movement within the network or persistent access. This could disrupt business operations and lead to financial losses. The medium severity rating suggests that while the vulnerability is serious, exploitation may require specific conditions or may not always lead to full system compromise. Nonetheless, the absence of vendor patches and the public availability of exploit details increase the likelihood of targeted attacks. European organizations with high reliance on MetaCRM for customer relationship management, especially those in regulated sectors such as finance, healthcare, or telecommunications, should consider this vulnerability a significant threat to their operational security and data integrity.

Since no official patches are currently available, European organizations should implement immediate compensating controls. These include restricting access to the mobileupload.jsp endpoint via network segmentation or firewall rules, allowing only trusted IP addresses or VPN access. Web application firewalls (WAFs) should be configured to detect and block suspicious file upload attempts, particularly those with unusual file types or payloads. Organizations should audit their MetaCRM installations to identify the presence of the vulnerable versions and monitor logs for any anomalous upload activity. Disabling or removing the mobileupload.jsp functionality temporarily, if feasible, can mitigate risk. Additionally, applying strict file type validation and limiting executable permissions on upload directories can reduce the impact of potential exploitation. Regular backups and incident response plans should be updated to prepare for potential compromise. Finally, organizations should maintain close monitoring of vendor communications for any forthcoming patches and apply them promptly once available.