CVE-2025-54788

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2025-54788
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-54788.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-54788
Aliases
  • GHSA-v3m9-8wg7-c72x
Published
2025-08-06T23:48:55.847Z
Modified
2026-04-10T05:29:40.700989Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
SuiteCRM: Authenticated Blind SQL Injection in InboundEmail module
Details

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. In versions and below, the InboundEmail module allows the arbitrary execution of queries in the backend database, leading to SQL injection. This can have wide-reaching implications on confidentiality, integrity, and availability, as database data can be retrieved, modified, or removed entirely. This issue is fixed in version 7.14.7.

Database specific 
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/54xxx/CVE-2025-54788.json",
    "cwe_ids": [
        "CWE-89"
    ],
    "cna_assigner": "GitHub_M"
}
References

Affected packages

Git / github.com/salesagility/suitecrm

Affected ranges

Type
GIT
Repo
https://github.com/salesagility/suitecrm
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
55921fe6c5fd5e2f81fc401e2d9ac8653cfbb8b5
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "7.14.7"
        }
    ]
}

Affected versions

7.*
7.9.6
v.*
v.7.9.11
v7.*
v7.0.2
v7.1
v7.1.1
v7.1.2
v7.1.3
v7.1.4
v7.10.0
v7.10.1
v7.10.10
v7.10.11
v7.10.12
v7.10.2
v7.10.3
v7.10.4
v7.10.5
v7.10.6
v7.10.7
v7.11.0
v7.11.1
v7.11.11
v7.11.12
v7.11.13
v7.11.14
v7.11.15
v7.11.16
v7.11.17
v7.11.18
v7.11.2
v7.11.3
v7.11.4
v7.11.5
v7.11.6
v7.11.7
v7.11.8
v7.12-rc
v7.12.0
v7.12.1
v7.12.2
v7.12.3
v7.12.4
v7.12.5
v7.12.6
v7.12.7
v7.12.8
v7.13.0
v7.13.0-beta
v7.13.1
v7.13.2
v7.13.3
v7.13.4
v7.14.0
v7.14.0-beta
v7.14.1
v7.14.2
v7.14.3
v7.14.4
v7.14.5
v7.14.6
v7.2
v7.2.1
v7.2beta
v7.2beta2
v7.3
v7.3-beta
v7.3.1
v7.3.2
v7.4.1
v7.4.2
v7.4.3
v7.5-beta
v7.5-beta.2
v7.5.1
v7.6
v7.6.1
v7.7
v7.7-beta1
v7.7-beta2
v7.7-rc
v7.7-rc2
v7.7.2
v7.7.3
v7.7.4
v7.8.0
v7.8.0-beta
v7.8.0-beta.2
v7.8.0-rc
v7.8.1
v7.8.2
v7.9.0
v7.9.0-beta
v7.9.0-rc
v7.9.1
v7.9.10
v7.9.11
v7.9.12
v7.9.13
v7.9.14
v7.9.3
v7.9.4
v7.9.5
v7.9.8

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-54788.json"

Git / github.com/suitecrm/suitecrm

Affected ranges

Type
GIT
Repo
https://github.com/suitecrm/suitecrm
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
55921fe6c5fd5e2f81fc401e2d9ac8653cfbb8b5
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "7.14.7"
        }
    ]
}

Affected versions

7.*
7.9.6
v.*
v.7.9.11
v7.*
v7.0.2
v7.1
v7.1.1
v7.1.2
v7.1.3
v7.1.4
v7.10.0
v7.10.1
v7.10.10
v7.10.11
v7.10.12
v7.10.2
v7.10.3
v7.10.4
v7.10.5
v7.10.6
v7.10.7
v7.11.0
v7.11.1
v7.11.11
v7.11.12
v7.11.13
v7.11.14
v7.11.15
v7.11.16
v7.11.17
v7.11.18
v7.11.2
v7.11.3
v7.11.4
v7.11.5
v7.11.6
v7.11.7
v7.11.8
v7.12-rc
v7.12.0
v7.12.1
v7.12.2
v7.12.3
v7.12.4
v7.12.5
v7.12.6
v7.12.7
v7.12.8
v7.13.0
v7.13.0-beta
v7.13.1
v7.13.2
v7.13.3
v7.13.4
v7.14.0
v7.14.0-beta
v7.14.1
v7.14.2
v7.14.3
v7.14.4
v7.14.5
v7.14.6
v7.2
v7.2.1
v7.2beta
v7.2beta2
v7.3
v7.3-beta
v7.3.1
v7.3.2
v7.4.1
v7.4.2
v7.4.3
v7.5-beta
v7.5-beta.2
v7.5.1
v7.6
v7.6.1
v7.7
v7.7-beta1
v7.7-beta2
v7.7-rc
v7.7-rc2
v7.7.2
v7.7.3
v7.7.4
v7.8.0
v7.8.0-beta
v7.8.0-beta.2
v7.8.0-rc
v7.8.1
v7.8.2
v7.9.0
v7.9.0-beta
v7.9.0-rc
v7.9.1
v7.9.10
v7.9.11
v7.9.12
v7.9.13
v7.9.14
v7.9.3
v7.9.4
v7.9.5
v7.9.8

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-54788.json"