CVE-2025-54784

Name of the Vulnerable Software and Affected Versions SuiteCRM versions 7.14.0 through 7.14.6

Description SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. A Cross Site Scripting (XSS) vulnerability exists in the email viewer. An external attacker could send a prepared message to the inbox of the SuiteCRM instance. By viewing emails as a logged-in user, the payload can be triggered, allowing an attacker to run arbitrary actions as that user – potentially extracting data or taking over the instance if the logged-in user is an administrator.

Recommendations Update to SuiteCRM version 7.14.7.