CVE-2025-54785 | THREATINT

Description

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. In versions 7.14.6 and 8.8.0, user-supplied input is not validated/sanitized before it is passed to the unserialize function, which could lead to penetration, privilege escalation, sensitive data exposure, Denial of Service, cryptomining and ransomware. This issue is fixed in version 7.14.7 and 8.8.1.

PUBLISHED Reserved 2025-07-29 | Published 2025-08-06 | Updated 2025-08-07 | Assigner GitHub_M

HIGH: 8.8CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Problem types

CWE-20: Improper Input Validation

Product status

>= 7.14.6, < 7.14.7

affected

>= 8.8.0, < 8.8.1

affected

References

github.com/...iteCRM/security/advisories/GHSA-53cp-mpfw-qj67

docs.suitecrm.com/admin/releases/7.14.x/

cve.org (CVE-2025-54785)

nvd.nist.gov (CVE-2025-54785)

Download JSON