CVE-2025-64491

Опубликовано: 08 нояб. 2025

Источник: nvd

CVSS3: 6.1

EPSS Низкий

Описание

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Versions 7.14.7 and below allow unauthenticated reflected Cross-Site Scripting (XSS). Successful exploitation could lead to full account takeover, for example by altering the login form to send credentials to an attacker-controlled server. As a reflected XSS issue, exploitation requires the victim to open a crafted malicious link, which can be delivered via phishing, social media, or other communication channels. This issue is fixed in version 7.14.8.

Ссылки

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:salesagility:suitecrm:*:*:*:*:*:*:*:*

Версия до 7.14.8 (исключая)

EPSS

Процентиль: 12%

0.00041

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

BDU:2025-13975