PT-2025-45499 · SuiteCRM · SuiteCRM
Published: 2025-11-06 · Updated: 2025-11-13 · CVE-2025-64490
CVSS v2.0: 8.7 (High)
| Vector | AV:N/AC:L/Au:S/C:C/I:C/A:P |
Name of the Vulnerable Software and Affected Versions
SuiteCRM versions 7.14.7 and prior
SuiteCRM versions 8.0.0-beta.1 through 8.9.0
Description
SuiteCRM is a Customer Relationship Management (CRM) software application. Low-privileged users with restrictive roles can view and create work items through the Resource Calendar and project screens, even when the related modules are disabled or set to 'None' in Role Management. The cause is inconsistent enforcement of Access Control List (ACL) and Role-Based Access Control (RBAC) checks across these screens, which can lead to unauthorized data exposure and modification.
Recommendations
Update to SuiteCRM version 7.14.8 or later.
Update to SuiteCRM version 8.9.1 or later.
Weakness Enumeration
Incorrect Authorization
Affected Products
SuiteCRM