PT-2025-45523 · Suitecrm · Suitecrm

Published: 2025-11-04 · Updated: 2025-11-08 · CVE-2025-64488

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

SuiteCRM versions 7.14.7 and below
SuiteCRM versions 8.0.0-beta.1 through 8.9.0

Description

SuiteCRM is a Customer Relationship Management (CRM) software application. An attacker can manipulate the call id to modify SQL query logic or inject arbitrary SQL code. This could result in unauthorized data access, data exfiltration, and potential complete database compromise.

Recommendations

Update to SuiteCRM version 7.14.8 or later.
Update to SuiteCRM version 8.9.1 or later.

Exploit

Fix

SQL injection

Weakness Enumeration

Related Identifiers

BDU:2025-13976
CVE-2025-64488
GHSA-5V53-V44Q-WW2C

Affected Products

Suitecrm