CVE-2025-54785

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. In versions 7.14.6 and 8.8.0, user-supplied input is not validated/sanitized before it is passed to the unserialize function, which could lead to penetration, privilege escalation, sensitive data exposure, Denial of Service, cryptomining and ransomware. This issue is fixed in version 7.14.7 and 8.8.1.

CVSS

No CVSS.

References

Link	Resource
https://docs.suitecrm.com/admin/releases/7.14.x/#_7_14_7	Release Notes
https://github.com/SuiteCRM/SuiteCRM/security/advisories/GHSA-53cp-mpfw-qj67	Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:salesagility:suitecrm:7.14.6:::::::*
	cpe:2.3:a:salesagility:suitecrm:8.8.0:::::::*

History

13 Aug 2025, 18:12

Type	Values Removed	Values Added
CPE		cpe:2.3:a:salesagility:suitecrm:8.8.0:::::::* cpe:2.3:a:salesagility:suitecrm:7.14.6:::::::*
References	~~() https://github.com/SuiteCRM/SuiteCRM/security/advisories/GHSA-53cp-mpfw-qj67 -~~	() https://github.com/SuiteCRM/SuiteCRM/security/advisories/GHSA-53cp-mpfw-qj67 - Third Party Advisory
References	~~() https://docs.suitecrm.com/admin/releases/7.14.x/#_7_14_7 -~~	() https://docs.suitecrm.com/admin/releases/7.14.x/#_7_14_7 - Release Notes
First Time		Salesagility Salesagility suitecrm
CWE		NVD-CWE-noinfo

07 Aug 2025, 00:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-08-07 00:15

Updated : 2025-08-13 18:12

NVD link : CVE-2025-54785

Mitre link : CVE-2025-54785

JSON object : View

Products Affected

salesagility

suitecrm

CWE

CWE-20

Improper Input Validation

NVD-CWE-noinfo

JSON object

Attach tags to CVE-2025-54785

Attach tags to `CVE-2025-54785`