CVE-2025-54787
📊 3.7 LOW⚡ 0.1%🎯 0 exploits
📅 Published Aug 7, 2025
📋 Status: Analyzed
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. There is a vulnerability in SuiteCRM version 7.14.6 which allows unauthenticated downloads of any file from the upload-directory, as long as it is named by an ID (e.g. attachments). An unauthenticated attacker could download internal files when he discovers a valid file-ID. Valid IDs could be brute-forced, but this is quite time-consuming as the file-IDs are usually UUIDs. This issue is fixed in version 7.14.7.
CVSS v3.1 • [email protected]
🎯 Affected Products & Systems
2 product configurations affected
Filter by type:
| Type | Vendor | Product | Version Range | Status | CPE String |
|---|---|---|---|---|---|
📱App | salesagility | suitecrm | ≥ 8.6.0 ∧ < 8.8.1 | Vulnerable | cpe:2.3:a:salesagility:suitecrm:*:*:*:*:*:*:*:* |
📱App | salesagility | suitecrm | 7.14.6 | Vulnerable | cpe:2.3:a:salesagility:suitecrm:7.14.6:*:*:*:*:*:*:* |
📱
VulnerableApplication
Version: ≥ 8.6.0 ∧ < 8.8.1
CPE:
cpe:2.3:a:salesagility:suitecrm:*:*:*:*:*:*:*:*
📱
VulnerableApplication
Version: 7.14.6
CPE:
cpe:2.3:a:salesagility:suitecrm:7.14.6:*:*:*:*:*:*:*
Metrics
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Attack Vector:
NETWORK
Complexity:
HIGH
Privileges:
NONE
User Interaction:
NONE
Confidentiality:
LOW
Integrity:
NONE
Availability:
NONE
Scope:
UNCHANGED
🔍 Technical Details
Analysis Status
AnalyzedCVSS Details
3.7 (LOW)v3.1
Source: [email protected]
EPSS Details
0.1% (Minimal)17.6th percentile
Last updated: Oct 31, 2025
Exploitation probability within 30 days
Published Date
Aug 7, 2025 (2 months ago)
Last Modified
Aug 12, 2025 (2 months ago)
Security Weaknesses1
CWE-285
References3
NVDcode_repositorygeneral