PT-2025-20690 · Espocrm · Espocrm

Xorriath · Published 2025-05-12 · Updated 2025-05-12 · CVE-2025-32390

CVSS v3.1: 8.5 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N
Name of the Vulnerable Software and Affected Versions: EspoCRM versions prior to 9.0.8

Description: The issue allows HTML injection in Knowledge Base (KB) articles, leading to complete page defacement that can imitate the login page. Authenticated users with the read knowledge article privilege can be impacted, and if they submit their credentials, they are captured in plain text. This is due to overly permissive HTML editing being allowed on KB articles. In an enterprise setting, the vulnerability could be exploited to harvest credentials for other applications by making the malicious KB article resemble the login pages of those applications.

Recommendations: For versions prior to 9.0.8, update to version 9.0.8 to resolve the issue. As a temporary workaround, consider restricting access to editing KB articles to prevent malicious modifications. Additionally, advise users to be cautious when submitting credentials on pages that resemble the login page but are reached through KB articles.

Weakness Enumeration: Special Elements Injection

Related Identifiers: CVE-2025-32390, GHSA-QRWP-V8V3-HQP2

Affected Products: Espocrm