PT-2025-32229 · Suitecrm · Suitecrm
Dzentota · Published 2025-08-06 · Updated 2025-08-12 · CVE-2025-54785
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
SuiteCRM versions 7.14.6 and 8.8.0
Description
SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions 7.14.6 and 8.8.0, user-supplied input is not validated or sanitized before being passed to the unserialize() function. This could lead to penetration, privilege escalation, sensitive data exposure, Denial of Service, cryptomining, and ransomware.
Recommendations
Update to SuiteCRM version 7.14.7.
Update to SuiteCRM version 8.8.1.
Exploit
Fix
DoS
LPE
RCE
Affected Products
Suitecrm