VYPR
Unrated severity · NVD Advisory · Published Aug 6, 2025 · Updated Aug 7, 2025

SuiteCRM is Vulnerable to PHP Object Injection in Reports

CVE-2025-54785

Description

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. In versions 7.14.6 and 8.8.0, user-supplied input is not validated or sanitized before it is passed to the unserialize function, which could lead to penetration, privilege escalation, sensitive data exposure, Denial of Service, cryptomining and ransomware. This issue is fixed in versions 7.14.7 and 8.8.1.

Affected products

2
  • Suitecrm/Suitecrm (llm-fuzzy), 2 versions: =7.14.6, =8.8.0 + 1 more
    • (no CPE) range: =7.14.6, =8.8.0
    • (no CPE) range: >= 7.14.6, < 7.14.7
