PT-2025-32230 · SuiteCRM · SuiteCRM
Sec31Uk
Published: 2025-08-06 · Updated: 2025-08-18
CVE-2025-54786
CVSS v3.1: 5.3 (Medium)
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
SuiteCRM versions 7.14.6 and 8.8.0
Description
SuiteCRM, an open-source Customer Relationship Management (CRM) application, suffers from broken authentication in its legacy iCal service, which allows unauthenticated access to meeting data. An unauthenticated actor who knows a user's username can view that user's meeting (calendar event) data, and related functionality enables user enumeration.
Recommendations
For the 7.x branch, update to SuiteCRM version 7.14.7.
For the 8.x branch, update to SuiteCRM version 8.8.1.
Improper Access Control
Improper Authentication
Information Disclosure
Affected Products
SuiteCRM