Remote Code Execution Vulnerability in Dolibarr ERP & CRM by Dolibarr
CVE-2025-56588

8.8 HIGH

Key Information:

Vendor: Dolibarr
CVE Published: 1 October 2025

What is CVE-2025-56588?

Dolibarr ERP & CRM, particularly v21.0.1, contains a vulnerability that allows an attacker to execute arbitrary code remotely through the User module configuration. The flaw is exploited via the computed field parameter, which an attacker can manipulate to compromise the integrity and security of the system. Users of affected versions are advised to apply the necessary patches or updates immediately to mitigate the risk associated with this vulnerability.

CVSS V3.1

Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
