CVE-2025-54783
📊 5.1 MEDIUM⚡ 0.0%🎯 0 exploits
📅 Published Aug 7, 2025
📋 Status: Analyzed
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Versions 7.14.6 and below have a Reflected Cross-Site Scripting (XSS) vulnerability. This vulnerability allows an attacker to execute JavaScript code by modifying the HTTP Referer header to include some arbitrary domain with malicious JavaScript code at the end. The server will attempt to block the arbitrary domain but allow the JavaScript code to execute. This is fixed in version 7.14.7.
CVSS v3.1 • NVD
🎯 Affected Products & Systems
1 product configurations affected
Filter by type:
| Type | Vendor | Product | Version Range | Status | CPE String |
|---|---|---|---|---|---|
📱App | salesagility | suitecrm | < 7.14.7 | Vulnerable | cpe:2.3:a:salesagility:suitecrm:*:*:*:*:*:*:*:* |
📱
VulnerableApplication
Version: < 7.14.7
CPE:
cpe:2.3:a:salesagility:suitecrm:*:*:*:*:*:*:*:*
Metrics
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
🔍 Technical Details
Analysis Status
AnalyzedCVSS Details
5.1 (MEDIUM)v4.0
Source: [email protected]
EPSS Details
0.0% (Minimal)12.1th percentile
Last updated: Oct 31, 2025
Exploitation probability within 30 days
Published Date
Aug 7, 2025 (2 months ago)
Last Modified
Aug 12, 2025 (2 months ago)
Security Weaknesses1
CWE-79
References3
NVDcode_repositorygeneral