CVE-2025-41384

📊 5.1 MEDIUM⚡ 0.0%🎯 0 exploits

📅 Published Oct 27, 2025

📋 Status: Analyzed

Cross-Site Scripting (XSS) vulnerability reflected in SuiteCRM v7.14.1. This vulnerability allows an attacker to execute JavaScript code by modifying the HTTP Referer header to include an arbitrary domain with malicious JavaScript code at the end. The server will attempt to block the arbitrary domain but will allow the JavaScript code to execute.

CVSS v3.1 • NVD

🎯 Affected Products & Systems

1 product configurations affected

Filter by type:

Type	Vendor	Product	Version Range	Status	CPE String
📱App	salesagility	suitecrm	7.14.1	Vulnerable	cpe:2.3:a:salesagility:suitecrm:7.14.1:::::::*

📱

salesagility / suitecrm

Application

Vulnerable

Version: 7.14.1

CPE:

cpe:2.3:a:salesagility:suitecrm:7.14.1:*:*:*:*:*:*:*

Metrics

5.1 MEDIUMCVSS v4.0[email protected]

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

🔍 Technical Details

Analysis Status

Analyzed

CVSS Details

5.1 (MEDIUM)v4.0

Source: [email protected]

EPSS Details

0.0% (Minimal)7.0th percentile

Last updated: Oct 30, 2025

Exploitation probability within 30 days

Published Date

Oct 27, 2025 (5 days ago)

Last Modified

Oct 28, 2025 (4 days ago)

Security Weaknesses1

CWE-79

References2

NVDgeneral