Vulnerability Details CVE-2025-54784
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. There is a Cross Site Scripting (XSS) vulnerability in the email viewer in versions 7.14.0 through 7.14.6. An external attacker could send a prepared message to the inbox of the SuiteCRM-instance. By simply viewing emails as the logged-in user, the payload can be triggered. With that, an attacker is able to run arbitrary actions as the logged-in user - like extracting data, or if it is an admin executing the payload, takeover the instance. This is fixed in versions 7.14.7.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 13.9%
CVSS Severity
CVSS v3 Score 6.1
Products affected by CVE-2025-54784
-
cpe:2.3:a:salesagility:suitecrm:7.14.0
-
cpe:2.3:a:salesagility:suitecrm:7.14.1
-
cpe:2.3:a:salesagility:suitecrm:7.14.2
-
cpe:2.3:a:salesagility:suitecrm:7.14.3
-
cpe:2.3:a:salesagility:suitecrm:7.14.4
-
cpe:2.3:a:salesagility:suitecrm:7.14.5
-
cpe:2.3:a:salesagility:suitecrm:7.14.6
-
cpe:2.3:a:salesagility:suitecrm:8.6.0
-
cpe:2.3:a:salesagility:suitecrm:8.6.1
-
cpe:2.3:a:salesagility:suitecrm:8.6.2
-
cpe:2.3:a:salesagility:suitecrm:8.7.0
-
cpe:2.3:a:salesagility:suitecrm:8.7.1
-
cpe:2.3:a:salesagility:suitecrm:8.8.0