CVE-2025-54785
BaseFortify
Publication date: 2025-08-07
Last updated on: 2025-08-13
Assigner: GitHub, Inc.
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| salesagility | suitecrm | 7.14.6 |
| salesagility | suitecrm | 8.8.0 |
Exploitability
| CWE ID | Description |
|---|---|
| NVD-CWE-noinfo | Insufficient information (no specific CWE assigned by NVD) |
| CWE-20 | The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in SuiteCRM versions 7.14.6 and 8.8.0 occurs because user-supplied input is passed to PHP's unserialize function without being validated or sanitized. Deserializing attacker-controlled data can allow an attacker to compromise the system, with consequences that can include privilege escalation, sensitive data exposure, Denial of Service, cryptomining, and ransomware attacks. The issue is fixed in versions 7.14.7 and 8.8.1.
How can this vulnerability impact me?
The vulnerability can lead to serious impacts, including unauthorized access to system privileges (privilege escalation), exposure of sensitive data, disruption of services (Denial of Service), and malicious activity such as cryptomining and ransomware attacks, all of which compromise system integrity and availability.
What immediate steps should I take to mitigate this vulnerability?
Upgrade SuiteCRM to version 7.14.7 or 8.8.1, where the vulnerability is fixed. Until the upgrade is applied, restrict access to the affected installations and monitor for suspicious activity related to misuse of the unserialize function.