Description

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. In versions 7.14.6 and 8.8.0, broken authentication in the legacy iCal service allows unauthenticated access to meeting data. An unauthenticated actor can view any user's meeting (calendar event) data given that user's username, and related functionality allows user enumeration. This is fixed in versions 7.14.7 and 8.8.1.

PUBLISHED | Reserved 2025-07-29 | Published 2025-08-06 | Updated 2025-08-07 | Assigner GitHub_M

MEDIUM: 5.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

Problem types

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CWE-284: Improper Access Control

CWE-287: Improper Authentication

Product status

>= 8.8.0, < 8.8.1: affected

>= 7.14.6, < 7.14.7: affected

References

github.com/...M-Core/security/advisories/GHSA-rf2v-4mv3-qcgm

docs.suitecrm.com/8.x/admin/releases/8.8

cve.org (CVE-2025-54786)

nvd.nist.gov (CVE-2025-54786)