CNNVD-202507-2692 Information

CNNVD ID

CNNVD-202507-2692

CVE-2025-52575

  • CNNVD Published: 2025-07-21

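Description (translated from Chinese)

EspoCRM is an open-source, web-based customer relationship management (CRM) system from EspoCRM. The system provides sales automation, community, and customer support features. EspoCRM 9.1.6 and earlier versions contain an injection vulnerability caused by insufficient validation of LDAP query input, which may lead to blind LDAP injection attacks.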

Description (English)

EspoCRM is an open-source, web-based customer relationship management (CRM) system from EspoCRM. The system provides functions such as marketing automation, community, and customer support. EspoCRM 9.1.6 and earlier versions have an injection vulnerability that stems from inadequate validation of LDAP query input and could lead to a blind LDAP injection attack.

Hazard Level

High

Vulnerability Type

Injection

Affected Vendor

EspoCRM

Published

2025-07-21

Last Modified

2026-02-24

References

https://github.com/espocrm/espocrm/commit/8649f1ac0ce714b2c31727bca3dd95d06e17337f

https://github.com/espocrm/espocrm/security/advisories/GHSA-rjm8-77fr-4f3v

Patch

https://github.com/espocrm/espocrm/releases
