CVE-2025-54786

Published: Aug 7, 2025Modified: Aug 14, 2025

5.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploitability: 3.9 / Impact: 1.4

Source: security-advisories@github.com (Secondary)

Description

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. In versions 7.14.6 and 8.8.0, the broken authentication in the legacy iCal service allows unauthenticated access to meeting data. An unauthenticated actor can view any user's meeting (calendar event) data given their username, related functionality allows user enumeration. This is fixed in versions 7.14.7 and 8.8.1.

Affected (2)

Products: Salesagility: Suitecrm

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Salesagility Suitecrm	Version 7.14.6
Salesagility Suitecrm	Version 8.8.0

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (2)

https://docs.suitecrm.com/8.x/admin/releases/8.8

Source: security-advisories@github.com

Release Notes

https://github.com/SuiteCRM/SuiteCRM-Core/security/advisories/GHSA-rf2v-4mv3-qcgm

Source: security-advisories@github.com

Third Party Advisory

Timeline

No history available yet.