Unrated severityNVD Advisory· Published Aug 6, 2025· Updated Aug 7, 2025
SuiteCRM is Vulnerable to PHP Object Injection in Reports
CVE-2025-54785
Description
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. In versions 7.14.6 and 8.8.0, user-supplied input is not validated/sanitized before it is passed to the unserialize function, which could lead to penetration, privilege escalation, sensitive data exposure, Denial of Service, cryptomining and ransomware. This issue is fixed in version 7.14.7 and 8.8.1.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2Patches
Vulnerability mechanics
References
2- docs.suitecrm.com/admin/releases/7.14.x/mitrex_refsource_MISC
- github.com/SuiteCRM/SuiteCRM/security/advisories/GHSA-53cp-mpfw-qj67mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.