CVE-2025-54786

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2025-54786
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-54786.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-54786
Aliases
Published
2025-08-06T23:23:00.948Z
Modified
2026-04-10T05:29:40.580052Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
Summary
SuiteCRM: Legacy iCal service allows unauthenticated access to meeting data
Details

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. In versions 7.14.6 and 8.8.0, the broken authentication in the legacy iCal service allows unauthenticated access to meeting data. An unauthenticated actor can view any user's meeting (calendar event) data given their username, related functionality allows user enumeration. This is fixed in versions 7.14.7 and 8.8.1.

Database specific 
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/54xxx/CVE-2025-54786.json",
    "cwe_ids": [
        "CWE-200",
        "CWE-284",
        "CWE-287"
    ],
    "cna_assigner": "GitHub_M"
}
References

Affected packages

Git
github.com/salesagility/suitecrm

Affected ranges

Type
GIT
Repo
https://github.com/salesagility/suitecrm
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
e572230abd0dad205b24a96acce72590b20bf69d
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "7.14.6"
        }
    ]
}

Affected versions

7.*
7.9.6
v.*
v.7.9.11
v7.*
v7.0.2
v7.1
v7.1.1
v7.1.2
v7.1.3
v7.1.4
v7.10.0
v7.10.1
v7.10.10
v7.10.11
v7.10.12
v7.10.2
v7.10.3
v7.10.4
v7.10.5
v7.10.6
v7.10.7
v7.11.0
v7.11.1
v7.11.11
v7.11.12
v7.11.13
v7.11.14
v7.11.15
v7.11.16
v7.11.17
v7.11.18
v7.11.2
v7.11.3
v7.11.4
v7.11.5
v7.11.6
v7.11.7
v7.11.8
v7.12-rc
v7.12.0
v7.12.1
v7.12.2
v7.12.3
v7.12.4
v7.12.5
v7.12.6
v7.12.7
v7.12.8
v7.13.0
v7.13.0-beta
v7.13.1
v7.13.2
v7.13.3
v7.13.4
v7.14.0
v7.14.0-beta
v7.14.1
v7.14.2
v7.14.3
v7.14.4
v7.14.5
v7.14.6
v7.2
v7.2.1
v7.2beta
v7.2beta2
v7.3
v7.3-beta
v7.3.1
v7.3.2
v7.4.1
v7.4.2
v7.4.3
v7.5-beta
v7.5-beta.2
v7.5.1
v7.6
v7.6.1
v7.7
v7.7-beta1
v7.7-beta2
v7.7-rc
v7.7-rc2
v7.7.2
v7.7.3
v7.7.4
v7.8.0
v7.8.0-beta
v7.8.0-beta.2
v7.8.0-rc
v7.8.1
v7.8.2
v7.9.0
v7.9.0-beta
v7.9.0-rc
v7.9.1
v7.9.10
v7.9.11
v7.9.12
v7.9.13
v7.9.14
v7.9.3
v7.9.4
v7.9.5
v7.9.8

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-54786.json"
github.com/salesagility/suitecrm-core

Affected ranges

Type
GIT
Repo
https://github.com/salesagility/suitecrm-core
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
9df984eccd7c0beebcd089a3c16b469fd089cf88
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "8.8.0"
        }
    ]
}

Affected versions

v8.*
v8.0.0
v8.0.0-beta.1
v8.0.0-beta.2
v8.0.0-beta.3
v8.0.0-rc
v8.0.1
v8.0.2
v8.0.3
v8.0.4
v8.1.0
v8.1.1
v8.1.2
v8.1.3
v8.2.0
v8.2.0-beta.2
v8.2.1
v8.2.2
v8.2.3
v8.2.4
v8.3.0
v8.3.1
v8.4.0
v8.4.0-beta
v8.4.1
v8.4.2
v8.5.0
v8.5.1
v8.6.0
v8.6.1
v8.6.2
v8.7.0
v8.7.0-beta
v8.7.1
v8.8.0
v8.8.0-beta

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-54786.json"
github.com/suitecrm/suitecrm-core

Affected ranges

Type
GIT
Repo
https://github.com/suitecrm/suitecrm-core
Events
Introduced
9df984eccd7c0beebcd089a3c16b469fd089cf88
Fixed
3e06d0f16a8a7c2cf27062372e87a134d7a032c8
Database specific 
{
    "versions": [
        {
            "introduced": "8.8.0"
        },
        {
            "fixed": "8.8.1"
        }
    ]
}

Affected versions

v8.*
v8.8.0

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-54786.json"