Reflected XSS Vulnerability in SuiteCRM Affects Multiple Versions
CVE-2025-54783

5.1MEDIUM

Key Information:

Vendor

Suitecrm

Status
Suitecrm
Vendor
CVE Published:
7 August 2025

What is CVE-2025-54783?

SuiteCRM, an open-source Customer Relationship Management application, has a vulnerability that enables attackers to inject malicious JavaScript code via the manipulation of the HTTP Referer header. This occurs on versions up to 7.14.6, where the server's attempt to block arbitrary domains fails, allowing for JavaScript code execution. This vulnerability has been addressed in SuiteCRM version 7.14.7, making it crucial for users to upgrade to safeguard against potential exploits.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

SuiteCRM < 7.14.7

References

https://github.com/SuiteCRM/SuiteCRM/security/advisories/...
x_refsource_CONFIRM
https://docs.suitecrm.com/admin/releases/7.14.x/#_7_14_7
x_refsource_MISC

CVSS V4

Score:
5.1
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • Vulnerability published

JSON
.