CVE-2025-54788

High CVSS: 8.8

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. In versions and below, the InboundEmail module allows the arbitrary execution of queries in the backend database, leading to SQL injection. This can have wide-reaching implications on confidentiality, integrity, and availability, as database data can be retrieved, modified, or removed entirely. This issue is fixed in version 7.14.7.

Vendor

Salesagility

Product

Suitecrm

CWE

CWE-89

Yayın Tarihi

2025-08-07 00:15:32

Güncelleme

2025-08-14 20:12:35

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-89 Suitecrm HIGH Salesagility 2025

Referanslar

https://docs.suitecrm.com/admin/releases/7.14.x/#_7_14_7 https://github.com/SuiteCRM/SuiteCRM/security/advisories/GHSA-v3m9-8wg7-c72x

Benzer Kayıtlar

High

CVE-2025-64492

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Versions 8.9.0…

Medium

CVE-2025-64493

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. In versions 8.…

Medium

CVE-2025-64491

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Versions 7.14.…

High

CVE-2025-64489

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Versions 7.14.…

High

CVE-2025-64490

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Versions 7.14.…

High

CVE-2025-64488

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. In versions 7.…