Unrated severityNVD Advisory· Published Aug 6, 2025· Updated Aug 7, 2025
SuiteCRM: Legacy iCal service allows unauthenticated access to meeting data
CVE-2025-54786
Description
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. In versions 7.14.6 and 8.8.0, the broken authentication in the legacy iCal service allows unauthenticated access to meeting data. An unauthenticated actor can view any user's meeting (calendar event) data given their username, related functionality allows user enumeration. This is fixed in versions 7.14.7 and 8.8.1.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3Patches
Vulnerability mechanics
References
2- docs.suitecrm.com/8.x/admin/releases/8.8mitrex_refsource_MISC
- github.com/SuiteCRM/SuiteCRM-Core/security/advisories/GHSA-rf2v-4mv3-qcgmmitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.