PT-2025-45524 · Suitecrm · Suitecrm

Published: 2025-11-04 · Updated: 2025-11-08 · CVE-2025-64491

CVSS v2.0: 6.4 (Medium)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N
Name of the Vulnerable Software and Affected Versions: SuiteCRM versions 7.14.7 and below

Description: SuiteCRM is an open-source Customer Relationship Management (CRM) application. Versions 7.14.7 and below are susceptible to an unauthenticated reflected Cross-Site Scripting (XSS) vulnerability. Exploitation of this issue could result in full account takeover, for example by modifying the login form so that submitted credentials are sent to an attacker-controlled server. Successful exploitation requires a victim to open a specially crafted malicious link, which could be delivered through phishing or social media.

Recommendations: Update to SuiteCRM version 7.14.8 or later.

Exploit · Fix

Weakness Enumeration: XSS

Related Identifiers

BDU:2025-13975
CVE-2025-64491
GHSA-PRFM-6667-X3MV

Affected Products

Suitecrm