CVE-2025-60375

Name of the Vulnerable Software and Affected Versions Perfex CRM versions prior to 3.3.1

Description The authentication process in Perfex CRM has a flaw where server-side validation is inadequate. This allows attackers to bypass normal login procedures by submitting empty values for the username and password parameters in a login request. Successful exploitation grants unauthorized access to user accounts, potentially including administrative accounts.

Recommendations Update Perfex CRM to version 3.3.1 or later.