CVE-2025-54788
📊 8.8 HIGH⚡ 0.1%🎯 0 exploits
📅 Published Aug 7, 2025
📋 Status: Analyzed
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. In versions and below, the InboundEmail module allows the arbitrary execution of queries in the backend database, leading to SQL injection. This can have wide-reaching implications on confidentiality, integrity, and availability, as database data can be retrieved, modified, or removed entirely. This issue is fixed in version 7.14.7.
CVSS v3.1 • [email protected]
🎯 Affected Products & Systems
1 product configurations affected
Filter by type:
| Type | Vendor | Product | Version Range | Status | CPE String |
|---|---|---|---|---|---|
📱App | salesagility | suitecrm | < 7.14.7 | Vulnerable | cpe:2.3:a:salesagility:suitecrm:*:*:*:*:*:*:*:* |
📱
VulnerableApplication
Version: < 7.14.7
CPE:
cpe:2.3:a:salesagility:suitecrm:*:*:*:*:*:*:*:*
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector:
NETWORK
Complexity:
LOW
Privileges:
LOW
User Interaction:
NONE
Confidentiality:
HIGH
Integrity:
HIGH
Availability:
HIGH
Scope:
UNCHANGED
🔍 Technical Details
Analysis Status
AnalyzedCVSS Details
8.8 (HIGH)v3.1
Source: [email protected]
EPSS Details
0.1% (Minimal)21.1th percentile
Last updated: Oct 31, 2025
Exploitation probability within 30 days
Published Date
Aug 7, 2025 (2 months ago)
Last Modified
Aug 14, 2025 (2 months ago)
Security Weaknesses1
CWE-89
References3
NVDcode_repositorygeneral