Severity: Unrated · NVD Advisory · Published Nov 8, 2025 · Updated Nov 10, 2025
SuiteCRM is Vulnerable to Authenticated Time Based Blind SQL Injection
CVE-2025-64492
Description
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Versions 8.9.0 and below contain a time-based blind SQL Injection vulnerability. This vulnerability allows an authenticated attacker to infer data from the database by measuring response times, potentially leading to the extraction of sensitive information. It is possible for an attacker to enumerate database, table, and column names, extract sensitive data, or escalate privileges. This is fixed in version 8.9.1.
References
- https://github.com/SuiteCRM/SuiteCRM-Core/security/advisories/GHSA-54m4-4p54-j8hp (MITRE reference, refsource CONFIRM)