CNNVD-202506-2800 Information
CNNVD ID
CNNVD-202506-2800
Related CVE
- CNNVD Published: 2025-06-20
Description (Chinese)
SugarCRM是美国SugarCRM公司的一套开源的客户关系管理系统(CRM)。该系统支持对不同的客户需求进行差异化营销、管理和分配销售线索,实现销售代表的信息共享和追踪。 SugarCRM存在安全漏洞,该漏洞源于对SugarRestSerialize.php中rest_data参数的反序列化验证不足,可能导致任意代码执行。以下版本受到影响:6.5.24之前版本、6.7.13之前版本、7.5.2.5之前版本、7.6.2.2之前版本和7.7.1.0之前版本。
Description (English)
SugarCRM is an open-source customer relationship management system (CRM) for SugarCRM in the United States. The system supports differentiated marketing of different customer needs, management and distribution of sales trails, as well as information-sharing and tracking of sales representatives. There is a security loophole in Sugarr, which stems from inadequate inverse-sequencing verification of SugarrtSerialize.phppress data parameters, which may lead to arbitrary code execution. The following versions were affected: pre-6.5.24, pre- 6.7.13, pre-7.5.2.5, pre-7.6.2 and pre-7.5.1.0.
Hazard Level
Low
Vulnerability Type
其他
Affected Vendor
SugarCRM
Published
2025-06-20
Last Modified
2026-02-24
References
http://www.sugarcrm.com/security/sugarcrm-sa-2016-008 https://web.archive.org/web/20160725194502/ https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/unix/webapp/sugarcrm_rest_unserialize_exec.rb https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/webapp/sugarcrm_rest_unserialize_exec.rb https://vulncheck.com/advisories/sugarcrm-php-deserialization-rce http://www.sugarcrm.com/security/sugarcrm-sa-2016-001 https://web.archive.org/web/20160508053502/ https://www.sugarcrm.com/crm/ https://karmainsecurity.com/KIS-2016-07 https://www.exploit-db.com/exploits/40344 https://access.redhat.com/security/cve/cve-2025-25034
Patch
https://www.sugarcrm.com/au/download/
Share on: