PT-2025-31880 · Espocrm · Espocrm

Saturnusdj

·

Published

2025-08-05

·

Updated

2025-08-05

·

CVE-2025-52892

CVSS v3.1

6.5

Medium

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions: EspoCRM versions 9.1.6 and below

Description: EspoCRM is a web application featuring a single-page application frontend and a PHP-based REST API backend. If a user accesses EspoCRM in a browser with double slashes (e.g., https://domain//#Admin) and the webserver does not remove the double slash, it can corrupt the Slim router's cache, rendering the instance unusable until the cache is rebuilt.

Recommendations: Upgrade to version 9.1.7 or later.
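The trigger described above is a request path that still contains repeated slashes when it reaches the router. As an added example (not part of this advisory or of EspoCRM), the snippet below does two defender-side things: it collapses repeated slashes the way a webserver with slash merging would, and it scans access-log lines for requests that would have reached the router unmerged. The log lines are constructed sample data in Combined Log Format; the fragment in the advisory's example URL (`#Admin`) is never sent to the server, so the request the server sees is just `GET //`.

```python
import re

# Constructed sample access-log lines (Combined Log Format); not real traffic.
SAMPLE_LOG = """\
203.0.113.10 - - [05/Aug/2025:10:00:01 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.10 - - [05/Aug/2025:10:00:02 +0000] "GET // HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.11 - - [05/Aug/2025:10:00:03 +0000] "GET /api/v1//Account HTTP/1.1" 200 1024 "-" "curl/8.0"
203.0.113.12 - - [05/Aug/2025:10:00:04 +0000] "GET /client/css/espo.css HTTP/1.1" 200 8192 "-" "Mozilla/5.0"
"""

# Minimal Combined Log Format parser: client IP, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) (?P<proto>\S+)" (?P<status>\d{3})'
)


def normalize_path(path):
    """Collapse any run of '/' into a single '/', as a webserver with slash
    merging enabled (e.g. nginx 'merge_slashes on') does before the request
    reaches the application. Returns (normalized_path, changed)."""
    normalized = re.sub(r"/{2,}", "/", path)
    return normalized, normalized != path


def find_repeated_slash_requests(log_text):
    """Return (ip, method, raw_target, normalized_path) for every request whose
    path contains repeated slashes, i.e. input that would hit the router unmerged
    on a webserver that does not normalize it."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        target = m.group("target")
        path = target.split("?", 1)[0]  # only the path is routed, not the query string
        normalized, changed = normalize_path(path)
        if changed:
            hits.append((m.group("ip"), m.group("method"), target, normalized))
    return hits


if __name__ == "__main__":
    for hit in find_repeated_slash_requests(SAMPLE_LOG):
        print("repeated slashes in request path:", hit)
```

Seeing such requests in the logs of an instance below 9.1.7 is a signal to verify that the webserver in front of EspoCRM merges slashes, and to check whether the router cache needs to be rebuilt.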

Exploit

Fix

Weakness Enumeration

HTTP Request/Response Smuggling

Related Identifiers

CVE-2025-52892
GHSA-26X2-6WCH-J8PF

Affected Products

Espocrm