CVE-2025-41384

Name of the Vulnerable Software and Affected Versions SuiteCRM version 7.14.1

Description A Cross-Site Scripting (XSS) issue exists where an attacker can execute JavaScript code. This is achieved by manipulating the HTTP Referer header to include a malicious domain containing JavaScript code. The server attempts to block the domain but allows the JavaScript code to run. The vulnerability is reflected, meaning the malicious code is executed in the context of the application.

Recommendations Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, sanitize the HTTP Referer header to prevent the execution of arbitrary JavaScript code.