Server-Side Request Forgery in SugarCRM API Module
CVE-2024-58258

7.2HIGH

Key Information:

Vendor: Sugarcrm
Status: Sugarcrm
Vendor: CVE Published:; 13 July 2025

What is CVE-2024-58258?

SugarCRM versions prior to 13.0.4 and 14.x before 14.0.1 are susceptible to Server-Side Request Forgery (SSRF) through their API module. This vulnerability allows an attacker to manipulate internal requests, potentially exposing sensitive information or enabling further exploitation. By exploiting a limited form of code injection, an unauthorized user can access backend systems that are otherwise protected, raising significant security concerns for organizations utilizing these versions of SugarCRM.

Affected Version(s)

SugarCRM 0 < 13.0.4

SugarCRM 14 < 14.0.1

References

https://support.sugarcrm.com/resources/security/sugarcrm-...

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 13, 2025
Vulnerability Reserved
Jul 13, 2025

Sugarcrm

What is CVE-2024-58258?

Affected Version(s)

References

CVSS V3.1

Timeline