CVE-2025-54786
📊 5.3 MEDIUM⚡ 0.1%🎯 0 exploits
📅 Published Aug 7, 2025
📋 Status: Analyzed
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. In versions 7.14.6 and 8.8.0, the broken authentication in the legacy iCal service allows unauthenticated access to meeting data. An unauthenticated actor can view any user's meeting (calendar event) data given their username, related functionality allows user enumeration. This is fixed in versions 7.14.7 and 8.8.1.
CVSS v3.1 • [email protected]
🎯 Affected Products & Systems
2 product configurations affected
Filter by type:
| Type | Vendor | Product | Version Range | Status | CPE String |
|---|---|---|---|---|---|
📱App | salesagility | suitecrm | 7.14.6 | Vulnerable | cpe:2.3:a:salesagility:suitecrm:7.14.6:*:*:*:*:*:*:* |
📱App | salesagility | suitecrm | 8.8.0 | Vulnerable | cpe:2.3:a:salesagility:suitecrm:8.8.0:*:*:*:*:*:*:* |
📱
VulnerableApplication
Version: 7.14.6
CPE:
cpe:2.3:a:salesagility:suitecrm:7.14.6:*:*:*:*:*:*:*
📱
VulnerableApplication
Version: 8.8.0
CPE:
cpe:2.3:a:salesagility:suitecrm:8.8.0:*:*:*:*:*:*:*
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Attack Vector:
NETWORK
Complexity:
LOW
Privileges:
NONE
User Interaction:
NONE
Confidentiality:
LOW
Integrity:
NONE
Availability:
NONE
Scope:
UNCHANGED
🔍 Technical Details
Analysis Status
AnalyzedCVSS Details
5.3 (MEDIUM)v3.1
Source: [email protected]
EPSS Details
0.1% (Minimal)18.6th percentile
Last updated: Oct 31, 2025
Exploitation probability within 30 days
Published Date
Aug 7, 2025 (2 months ago)
Last Modified
Aug 14, 2025 (2 months ago)
Security Weaknesses3
CWE-200CWE-284CWE-287
References3
NVDcode_repositorygeneral