CVE-2025-54786 Information
Aug 08, 2025
cve
Description
SuiteCRM is an open-source enterprise-ready Customer Relationship Management (CRM) software application. In versions 7.14.6 and 8.8.0 the broken authentication in the legacy iCal service allows unauthenticated access to meeting data. An unauthenticated actor can view any user’s meeting (calendar event) data given their username related functionality allows user enumeration. This is fixed in versions 7.14.7 and 8.8.1.
Reference
https://docs.suitecrm.com/8.x/admin/releases/8.8 https://github.com/SuiteCRM/SuiteCRM-Core/security/advisories/GHSA-rf2v-4mv3-qcgm
Related CNNVD
CNNVD-202508-642 (Published: 2025-08-07)
Share on: