VYPR
Unrated severity · NVD Advisory · Published Aug 6, 2025 · Updated Aug 7, 2025

SuiteCRM: Legacy iCal service allows unauthenticated access to meeting data

CVE-2025-54786

Description

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. In versions 7.14.6 and 8.8.0, broken authentication in the legacy iCal service allows unauthenticated access to meeting data. An unauthenticated actor can view any user's meeting (calendar event) data given their username, and related functionality allows user enumeration. This is fixed in versions 7.14.7 and 8.8.1.

Affected products

  • Range: 7.14.6, 8.8.0
  • SuiteCRM/SuiteCRM-Corev5
    Range: >= 8.8.0, < 8.8.1
