PT-2025-32317 · SuiteCRM · SuiteCRM

Paul1278 · Published 2025-08-07 · Updated 2025-08-12 · CVE-2025-54787

CVSS v3.1: 3.7 (Low)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions: SuiteCRM version 7.14.6

Description: SuiteCRM is an open-source Customer Relationship Management (CRM) software application. A vulnerability exists that allows unauthenticated download of any file from the upload directory, provided the file is named using an ID (e.g., attachments). An unauthenticated attacker could download internal files by discovering a valid file ID. Valid IDs could be brute-forced, although this may be time-consuming because the file IDs are typically UUIDs.

Recommendations: Upgrade to SuiteCRM version 7.14.7 or later.

Weakness Enumeration: Improper Authorization

Related Identifiers:
CVE-2025-54787
GHSA-8R72-224Q-G9FV

Affected Products: SuiteCRM