Browse all 35 CVE security advisories affecting Suitecrm. AI-powered Chinese analysis, POCs, and references for each vulnerability.
SuiteCRM is an open-source customer relationship management platform designed to help organizations manage sales, marketing, and support interactions. Historically, its codebase has been associated with thirty-five recorded Common Vulnerabilities and Exposures, primarily stemming from insufficient input validation and inadequate access controls. The most prevalent vulnerability classes include remote code execution, cross-site scripting, and privilege escalation, often resulting from outdated PHP dependencies or improper session management. While the project maintains an active community, its open nature exposes source code to potential exploitation if patches are not promptly applied. Notable incidents have highlighted risks related to unauthenticated file uploads and SQL injection, emphasizing the critical need for rigorous security auditing. Organizations deploying this software must prioritize regular updates and strict configuration hardening to mitigate these inherent structural weaknesses and protect sensitive customer data from unauthorized access.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-54784 | SuiteCRM is vulnerable to Cross Site Scripting (XSS) through its email viewer — SuiteCRMCWE-79 | 8.8AI | HighAI | 2025-08-07 |
| CVE-2025-54783 | SuiteCRM: Reflected Cross Site Scripting (XSS) through HTTP Referrer header — SuiteCRMCWE-79 | 6.1AI | MediumAI | 2025-08-07 |
| CVE-2025-54788 | SuiteCRM: Authenticated Blind SQL Injection in InboundEmail module — SuiteCRMCWE-89 | 8.8 | High | 2025-08-06 |
| CVE-2025-54786 | SuiteCRM: Legacy iCal service allows unauthenticated access to meeting data — SuiteCRM-CoreCWE-200 | 5.3 | Medium | 2025-08-06 |
| CVE-2025-54785 | SuiteCRM is Vulnerable to PHP Object Injection in Reports — SuiteCRMCWE-20 | 8.8 | High | 2025-08-06 |
This page lists every published CVE security advisory associated with Suitecrm. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.