CVE-2025-54784 Information

Description

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Versions 7.14.0 through 7.14.6 contain a Cross-Site Scripting (XSS) vulnerability in the email viewer. An external attacker could send a prepared message to the inbox of the SuiteCRM instance; the payload is triggered when the logged-in user simply views the email. The attacker is then able to perform arbitrary actions as the logged-in user, such as extracting data or, if the logged-in user is an admin, taking over the instance. This is fixed in version 7.14.7.

Reference

https://docs.suitecrm.com/admin/releases/7.14.x/#_7_14_7
https://github.com/SuiteCRM/SuiteCRM/security/advisories/GHSA-vg8q-xcq5-mh3p

CNNVD-202508-646 (Published: 2025-08-07)