CNNVD-202508-278 Information
CNNVD ID
CNNVD-202508-278
Related CVE
- CNNVD Published: 2025-08-05
Description (Chinese)
EspoCRM是EspoCRM开源的一套开源的基于Web的客户关系管理系统(CRM)。该系统提供销售自动化、社区和客户支持等功能。 EspoCRM 9.1.6及之前版本存在环境问题漏洞,该漏洞源于双斜杠导致Slim路由器缓存损坏,可能导致实例不可用。
Description (English)
EspoCRM is an open-source web-based customer relationship management system (CRM) for EspoCRM. The system provides such functions as marketing automation, community and customer support. EspoCRM 9.1.6 and previous versions have environmental loopholes, which stem from double slash leading to damage to the Slim router cache, which may lead to instances not being available.
Hazard Level
High
Vulnerability Type
环境问题
Affected Vendor
EspoCRM
Published
2025-08-05
Last Modified
2026-02-24
References
https://github.com/espocrm/espocrm/commit/929611f317ce8892ea75873b0ab3094c0c510ff3 https://github.com/espocrm/espocrm/security/advisories/GHSA-26x2-6wch-j8pf https://access.redhat.com/security/cve/cve-2025-52892
Patch
https://github.com/espocrm/espocrm/releases
Share on: