CVE-2025-32789

Low CVSS: 3.1

EspoCRM is an Open Source Customer Relationship Management software. Prior to version 9.0.7, users can be sorted by their password hash. This flaw allows an attacker to make assumptions about the hash values of other users stored in the password column of the user table, based on the results of the sorted list of users. Although unlikely, if an attacker knows the hash value of their password, they can change the password and repeat the sorting until the other user's password hash is fully revealed. This issue is patched in version 9.0.7.

Vendor

Espocrm

Product

Espocrm

CWE

CWE-200

Yayın Tarihi

2025-04-16 22:15:14

Güncelleme

2025-06-18 13:08:03

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-200 Espocrm LOW Espocrm 2025

Referanslar

https://github.com/espocrm/espocrm/commit/91740192d2e2c575c6a04534c079baf9f3af0a7f https://github.com/espocrm/espocrm/commit/bd900d0b48fe37a98def4c0e094e39e7e385e9ea https://github.com/espocrm/espocrm/security/advisories/GHSA-3ph3-jcfx-fq53 https://github.com/espocrm/espocrm/security/advisories/GHSA-3ph3-jcfx-fq53

Benzer Kayıtlar

High

CVE-2020-37094

EspoCRM 5.8.5 contains an authentication vulnerability that allows attackers to access other user accounts by manipulati…

Medium

CVE-2025-59428

EspoCRM is an open source customer relationship management application. In versions before 9.1.9, a vulnerability allows…

Medium

CVE-2025-52892

EspoCRM is a web application with a frontend designed as a single-page application and a REST API backend written in PHP…

Medium

CVE-2025-52575

EspoCRM is an Open Source CRM (Customer Relationship Management) software. EspoCRM versions 9.1.6 and earlier are vulner…

High

CVE-2025-32390

EspoCRM is a free, open-source customer relationship management platform. Prior to version 9.0.8, HTML Injection in Know…

Medium

CVE-2025-32385

EspoCRM is an Open Source Customer Relationship Management software. Prior to 9.0.5, Iframe dashlet allows user to displ…