PT-2025-41488 · Unknown · Perfex Crm

Ahamed Yaseen +1 · Published 2025-10-09 · Updated 2025-10-09 · CVE-2025-60375

CVSS v3.1: 7.3 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions

Perfex CRM versions prior to 3.3.1

Description

The authentication process in Perfex CRM has a flaw where server-side validation is inadequate. This allows attackers to bypass normal login procedures by submitting empty values for the username and password parameters in a login request. Successful exploitation grants unauthorized access to user accounts, potentially including administrative accounts.

Recommendations

Update Perfex CRM to version 3.3.1 or later.

Exploit

Fix


Weakness Enumeration

Related Identifiers

CVE-2025-60375

Affected Products

Perfex Crm