CVE-2025-54785 | CVSS 8.8 (HIGH) | EPSS percentile 26.5%

Description

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) application written in PHP. In versions 7.14.6 and 8.8.0, user-supplied input is passed to PHP's unserialize() function without validation or sanitization (a PHP object-injection condition). Because the attacker controls which classes are instantiated and which magic methods run, the advisory lists possible consequences ranging from privilege escalation, sensitive data exposure and denial of service to full compromise of the host, including its use for cryptomining or ransomware. Per the CVSS vector the attack requires a low-privileged authenticated account and no user interaction. The issue is fixed in versions 7.14.7 and 8.8.1.
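To make the weakness class concrete, the following PHP script is an added illustration of the pattern the description names (untrusted input reaching unserialize()) beside two hardened alternatives. It is not SuiteCRM's code: the advisory does not identify the affected sink, and the class, function and property names here (CacheEntry, loadStateVulnerable, loadStateHardened, loadStateJson) are hypothetical stand-ins. The payload string is constructed for the demo.

```php
<?php
declare(strict_types=1);

// Hypothetical class standing in for any application class that defines a
// magic method. Real object-injection chains abuse __wakeup/__destruct/__toString
// on classes the application already autoloads; this one only reports that it ran.
class CacheEntry
{
    public string $cmd = '';

    public function __wakeup(): void
    {
        echo "CacheEntry::__wakeup() executed with cmd={$this->cmd}\n";
    }
}

// Vulnerable pattern: attacker-controlled bytes go straight into unserialize(),
// so the payload decides which classes are instantiated and which magic methods fire.
function loadStateVulnerable(string $userInput): mixed
{
    return unserialize($userInput);
}

// Hardened pattern 1: keep the serialized format but forbid class instantiation.
// With allowed_classes => false every object comes back as __PHP_Incomplete_Class
// and no magic method is invoked; max_depth (PHP 7.4+) bounds nesting against
// resource-exhaustion payloads. unserialize() returns false on malformed input,
// which collides with a legitimately serialized false ('b:0;'), hence the check.
function loadStateHardened(string $userInput): mixed
{
    $value = @unserialize($userInput, ['allowed_classes' => false, 'max_depth' => 8]);
    if ($value === false && $userInput !== 'b:0;') {
        throw new InvalidArgumentException('malformed serialized data');
    }
    if ($value instanceof __PHP_Incomplete_Class) {
        throw new InvalidArgumentException('objects are not accepted from this source');
    }
    return $value;
}

// Hardened pattern 2: do not use native serialization for untrusted input at all.
// JSON cannot express PHP objects, so there is nothing for a gadget chain to target.
function loadStateJson(string $userInput): array
{
    $value = json_decode($userInput, true, 8, JSON_THROW_ON_ERROR);
    if (!is_array($value)) {
        throw new InvalidArgumentException('expected a JSON object or array');
    }
    return $value;
}

// Constructed payload: a serialized CacheEntry whose property the attacker chose.
$payload = 'O:10:"CacheEntry":1:{s:3:"cmd";s:6:"whoami";}';

echo "vulnerable path:\n";
$obj = loadStateVulnerable($payload);   // __wakeup() fires before this line returns
var_dump($obj instanceof CacheEntry);

echo "hardened path:\n";
try {
    loadStateHardened($payload);        // no class is instantiated, so __wakeup() never runs
} catch (InvalidArgumentException $e) {
    echo "rejected: {$e->getMessage()}\n";
}
var_dump(loadStateJson('{"cmd":"whoami"}'));
```

Run it with php on the command line. The advisory's actual remediation is the upgrade to 7.14.7 or 8.8.1; the allowed_classes option is the general defence for any unserialize() call that untrusted data can reach, and switching such inputs to JSON removes the weakness class outright. Note that allowed_classes only prevents instantiation: it does not validate the data, so the shape of whatever comes back still has to be checked before use.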

Scoring

CVSS 3.1: 8.8 (HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.35% probability of exploitation · percentile 26.5% · as of 2026-06-19T12:03:05Z
Published: 2025-08-07
Last modified: 2025-08-13

Underlying weaknesses (1)

CWE-20: Improper Input Validation

References

  1. https://docs.suitecrm.com/admin/releases/7.14.x/#_7_14_7
  2. https://github.com/SuiteCRM/SuiteCRM/security/advisories/GHSA-53cp-mpfw-qj67

Extracted weaknesses (1)

Type      Target                              Confidence  Tier
Weakness  Improper Input Validation (cwe-20)  0%          live

Related by meaning (6)

Nearest entities by semantic similarity across the cs-graph corpus.

  - CVE-2025-54788
  - CVE-2025-64488
  - CVE-2026-29102
  - CVE-2025-64489
  - CVE-2026-29099
  - CVE-2025-64490
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.