Unrated severityNVD Advisory· Published Aug 6, 2025· Updated Aug 7, 2025

SuiteCRM is Vulnerable to PHP Object Injection in Reports

CVE-2025-54785

Description

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. In versions 7.14.6 and 8.8.0, user-supplied input is not validated/sanitized before it is passed to the unserialize function, which could lead to penetration, privilege escalation, sensitive data exposure, Denial of Service, cryptomining and ransomware. This issue is fixed in version 7.14.7 and 8.8.1.

Affected products

Suitecrm/Suitecrmv5
Range: >= 7.14.6, < 7.14.7

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

docs.suitecrm.com/admin/releases/7.14.x/mitrex_refsource_MISC
github.com/SuiteCRM/SuiteCRM/security/advisories/GHSA-53cp-mpfw-qj67mitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000