CVE-2025-54785

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-54785

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-54785.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-54785

Aliases

GHSA-53cp-mpfw-qj67

Published

2025-08-06T23:15:16.718Z

Modified

2026-04-10T05:29:41.117020Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

SuiteCRM is Vulnerable to PHP Object Injection in Reports

Details

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. In versions 7.14.6 and 8.8.0, user-supplied input is not validated/sanitized before it is passed to the unserialize function, which could lead to penetration, privilege escalation, sensitive data exposure, Denial of Service, cryptomining and ransomware. This issue is fixed in version 7.14.7 and 8.8.1.

Database specific

{
    "cwe_ids": [
        "CWE-20"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/54xxx/CVE-2025-54785.json",
    "cna_assigner": "GitHub_M"
}

References

Affected packages

Git

github.com/salesagility/suitecrm

Affected ranges

Type

GIT

Repo

https://github.com/salesagility/suitecrm

Events

Introduced

Last affected

e572230abd0dad205b24a96acce72590b20bf69d

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "7.14.6"
        }
    ]
}

Affected versions

7.*

7.9.6

v.*

v.7.9.11

v7.*

v7.0.2

v7.1

v7.1.1

v7.1.2

v7.1.3

v7.1.4

v7.10.0

v7.10.1

v7.10.10

v7.10.11

v7.10.12

v7.10.2

v7.10.3

v7.10.4

v7.10.5

v7.10.6

v7.10.7

v7.11.0

v7.11.1

v7.11.11

v7.11.12

v7.11.13

v7.11.14

v7.11.15

v7.11.16

v7.11.17

v7.11.18

v7.11.2

v7.11.3

v7.11.4

v7.11.5

v7.11.6

v7.11.7

v7.11.8

v7.12-rc

v7.12.0

v7.12.1

v7.12.2

v7.12.3

v7.12.4

v7.12.5

v7.12.6

v7.12.7

v7.12.8

v7.13.0

v7.13.0-beta

v7.13.1

v7.13.2

v7.13.3

v7.13.4

v7.14.0

v7.14.0-beta

v7.14.1

v7.14.2

v7.14.3

v7.14.4

v7.14.5

v7.14.6

v7.2

v7.2.1

v7.2beta

v7.2beta2

v7.3

v7.3-beta

v7.3.1

v7.3.2

v7.4.1

v7.4.2

v7.4.3

v7.5-beta

v7.5-beta.2

v7.5.1

v7.6

v7.6.1

v7.7

v7.7-beta1

v7.7-beta2

v7.7-rc

v7.7-rc2

v7.7.2

v7.7.3

v7.7.4

v7.8.0

v7.8.0-beta

v7.8.0-beta.2

v7.8.0-rc

v7.8.1

v7.8.2

v7.9.0

v7.9.0-beta

v7.9.0-rc

v7.9.1

v7.9.10

v7.9.11

v7.9.12

v7.9.13

v7.9.14

v7.9.3

v7.9.4

v7.9.5

v7.9.8

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-54785.json"

github.com/salesagility/suitecrm-core

Affected ranges

Type

GIT

Repo

https://github.com/salesagility/suitecrm-core

Events

Introduced

Last affected

9df984eccd7c0beebcd089a3c16b469fd089cf88

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "8.8.0"
        }
    ]
}

Affected versions

v8.*

v8.0.0

v8.0.0-beta.1

v8.0.0-beta.2

v8.0.0-beta.3

v8.0.0-rc

v8.0.1

v8.0.2

v8.0.3

v8.0.4

v8.1.0

v8.1.1

v8.1.2

v8.1.3

v8.2.0

v8.2.0-beta.2

v8.2.1

v8.2.2

v8.2.3

v8.2.4

v8.3.0

v8.3.1

v8.4.0

v8.4.0-beta

v8.4.1

v8.4.2

v8.5.0

v8.5.1

v8.6.0

v8.6.1

v8.6.2

v8.7.0

v8.7.0-beta

v8.7.1

v8.8.0

v8.8.0-beta

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-54785.json"

github.com/suitecrm/suitecrm

Affected ranges

Type

GIT

Repo

https://github.com/suitecrm/suitecrm

Events

Introduced

e572230abd0dad205b24a96acce72590b20bf69d

Fixed

55921fe6c5fd5e2f81fc401e2d9ac8653cfbb8b5

Database specific

{
    "versions": [
        {
            "introduced": "7.14.6"
        },
        {
            "fixed": "7.14.7"
        }
    ]
}

Affected versions

v7.*

v7.14.6

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-54785.json"