CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2025-64493

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. In versions 8.6.0 through 8.9.0, there is an authenticated, blind (time-based) SQL-injection inside the appMetadata-operation of the GraphQL-API. This allows extraction of arbitrary data from the database, and does not require administrative access. This issue is fixed in version 8.9.1.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 9.9%

CVSS Severity

CVSS v3 Score 6.5

References

https://docs.suitecrm.com/community/security-policy
https://github.com/SuiteCRM/SuiteCRM-Core/security/advisories/GHSA-5gcj-mfqq-v8f7

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-64493

Products

Pricing

Contact Us