CVE-2025-52575

Medium CVSS: 6.5

EspoCRM is an Open Source CRM (Customer Relationship Management) software. EspoCRM versions 9.1.6 and earlier are vulnerable to blind LDAP Injection when LDAP authentication is enabled. A remote, unauthenticated attacker can manipulate LDAP queries by injecting crafted input containing wildcard characters (e.g., *). This may allow the attacker to bypass authentication controls, enumerate valid usernames, or retrieve sensitive directory information depending on the LDAP server configuration. This was fixed in version 9.1.7.

Vendor

Espocrm

Product

Espocrm

CWE

CWE-90

Yayın Tarihi

2025-07-21 18:15:28

Güncelleme

2025-08-05 17:53:32

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-90 Espocrm MEDIUM Espocrm 2025

Referanslar

https://github.com/espocrm/espocrm/commit/8649f1ac0ce714b2c31727bca3dd95d06e17337f https://github.com/espocrm/espocrm/security/advisories/GHSA-rjm8-77fr-4f3v

Benzer Kayıtlar

High

CVE-2020-37094

EspoCRM 5.8.5 contains an authentication vulnerability that allows attackers to access other user accounts by manipulati…

Medium

CVE-2025-59428

EspoCRM is an open source customer relationship management application. In versions before 9.1.9, a vulnerability allows…

Medium

CVE-2025-52892

EspoCRM is a web application with a frontend designed as a single-page application and a REST API backend written in PHP…

High

CVE-2025-32390

EspoCRM is a free, open-source customer relationship management platform. Prior to version 9.0.8, HTML Injection in Know…

Low

CVE-2025-32789

EspoCRM is an Open Source Customer Relationship Management software. Prior to version 9.0.7, users can be sorted by thei…

Medium

CVE-2025-32385

EspoCRM is an Open Source Customer Relationship Management software. Prior to 9.0.5, Iframe dashlet allows user to displ…