CVE-2025-64493

Medium CVSS: 6.5

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. In versions 8.6.0 through 8.9.0, there is an authenticated, blind (time-based) SQL-injection inside the appMetadata-operation of the GraphQL-API. This allows extraction of arbitrary data from the database, and does not require administrative access. This issue is fixed in version 8.9.1.

Vendor

Salesagility

Product

Suitecrm

CWE

CWE-89

Yayın Tarihi

2025-11-08 02:15:34

Güncelleme

2025-11-25 17:33:58

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-89 Suitecrm MEDIUM Salesagility 2025

Referanslar

https://docs.suitecrm.com/community/security-policy https://github.com/SuiteCRM/SuiteCRM-Core/security/advisories/GHSA-5gcj-mfqq-v8f7

Benzer Kayıtlar

High

CVE-2025-64492

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Versions 8.9.0…

Medium

CVE-2025-64491

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Versions 7.14.…

High

CVE-2025-64489

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Versions 7.14.…

High

CVE-2025-64490

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Versions 7.14.…

High

CVE-2025-64488

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. In versions 7.…

Critical

CVE-2022-50589

SuiteCRM versions prior to 7.12.6 contain a SQL injection vulnerability within the processing of the ‘uid’ parameter wit…