CVE-2025-54785

📊 8.8 HIGH⚡ 0.1%🎯 0 exploits

📅 Published Aug 7, 2025

📋 Status: Analyzed

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. In versions 7.14.6 and 8.8.0, user-supplied input is not validated/sanitized before it is passed to the unserialize function, which could lead to penetration, privilege escalation, sensitive data exposure, Denial of Service, cryptomining and ransomware. This issue is fixed in version 7.14.7 and 8.8.1.

CVSS v3.1 • [email protected]

🎯 Affected Products & Systems

2 product configurations affected

Filter by type:

Type	Vendor	Product	Version Range	Status	CPE String
📱App	salesagility	suitecrm	7.14.6	Vulnerable	cpe:2.3:a:salesagility:suitecrm:7.14.6:::::::*
📱App	salesagility	suitecrm	8.8.0	Vulnerable	cpe:2.3:a:salesagility:suitecrm:8.8.0:::::::*

📱

salesagility / suitecrm

Application

Vulnerable

Version: 7.14.6

CPE:

cpe:2.3:a:salesagility:suitecrm:7.14.6:*:*:*:*:*:*:*

📱

salesagility / suitecrm

Application

Vulnerable

Version: 8.8.0

CPE:

cpe:2.3:a:salesagility:suitecrm:8.8.0:*:*:*:*:*:*:*

Metrics

8.8 HIGHCVSS v3.1[email protected]

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector:

NETWORK

Complexity:

LOW

Privileges:

LOW

User Interaction:

NONE

Confidentiality:

HIGH

Integrity:

HIGH

Availability:

HIGH

Scope:

UNCHANGED

🔍 Technical Details

Analysis Status

Analyzed

CVSS Details

8.8 (HIGH)v3.1

Source: [email protected]

EPSS Details

0.1% (Minimal)20.7th percentile

Last updated: Oct 31, 2025

Exploitation probability within 30 days

Published Date

Aug 7, 2025 (2 months ago)

Last Modified

Aug 13, 2025 (2 months ago)

Security Weaknesses2

CWE-20

References3

NVDcode_repositorygeneral