Reflected Cross-Site Scripting Vulnerability in SuiteCRM by SuiteCRM
CVE-2025-64491

6.1 MEDIUM

Key Information:

Vendor: SuiteCRM
Status: Vendor
CVE Published: 8 November 2025

What is CVE-2025-64491?

SuiteCRM, an open-source Customer Relationship Management application, is vulnerable to reflected Cross-Site Scripting (XSS) in versions up to and including 7.14.7. Attacker-controlled request input is echoed into a page without adequate output encoding, so an attacker who entices a victim into opening a specially crafted link gets their script executed in the victim's browser under the SuiteCRM origin. Because the script runs with the privileges of the page, it can, for example, rewrite the login form so that credentials the user types in are submitted to an attacker-controlled server, which leads to account compromise. Exploitation requires user interaction (the victim must open the link) and the payload executes in the browser rather than in the vulnerable server component, which is why the CVSS Scope is Changed. The issue is fixed in SuiteCRM 7.14.8; after upgrading, confirm that the reflected input is now encoded rather than relying on the version number alone.

Affected Version(s)

SuiteCRM < 7.14.8
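The two checks a practitioner wants from an advisory like this are a version triage against the fixed release and a way to confirm, on the running instance, that reflected input is encoded. The script below is an added example and is not SuiteCRM code (SuiteCRM itself is PHP; this is Python so it runs anywhere). The affected parameter is not named on this page, so the `render_unsafe` / `render_safe` templates and the `query` field are hypothetical stand-ins for a page that reflects input into an HTML attribute; only the fixed version 7.14.8 comes from the advisory.

```python
"""Version triage and a reflection probe for a reflected XSS such as CVE-2025-64491.

Added example; not SuiteCRM's own code. The rendering functions are
hypothetical stand-ins: the real affected page and parameter are not
named in the advisory.
"""
import html
import re

# From the advisory: fixed in SuiteCRM 7.14.8, everything below it is affected.
FIXED_VERSION = (7, 14, 8)

# Benign canary: it contains the two characters (" and >) needed to break out
# of a quoted attribute, but it is not an executing payload.
CANARY = '"><xss-canary-7f3a>'


def parse_version(text):
    """Turn '7.14.7' (or 'v7.14') into a comparable tuple; missing parts are 0."""
    m = re.match(r"^\s*v?(\d+)(?:\.(\d+))?(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part or 0) for part in m.groups())


def is_affected(version_text):
    """True when the reported version is older than the fixed release."""
    return parse_version(version_text) < FIXED_VERSION


def render_unsafe(value):
    """Hypothetical vulnerable pattern: raw input dropped into an attribute."""
    return f'<input type="text" name="query" value="{value}">'


def render_safe(value):
    """Hardened form: HTML-encode for attribute context (quotes included)."""
    return f'<input type="text" name="query" value="{html.escape(value, quote=True)}">'


def reflects_unencoded(body, canary=CANARY):
    """True when the canary comes back byte-for-byte, i.e. encoding was skipped.

    An encoded reflection (&quot;&gt;&lt;...&gt;) is expected and harmless;
    only the verbatim copy means an attribute break-out is possible.
    """
    return canary in body


def triage(version_text, response_body):
    """Combine both checks into one verdict string for a report."""
    version_note = "affected version" if is_affected(version_text) else "fixed version"
    reflect_note = "reflects unencoded" if reflects_unencoded(response_body) else "encodes reflection"
    return f"{version_text}: {version_note}, {reflect_note}"


if __name__ == "__main__":
    # Constructed responses standing in for a captured HTTP body.
    print(triage("7.14.7", render_unsafe(CANARY)))
    print(triage("7.14.8", render_safe(CANARY)))
```

When running the probe against a real instance, send the canary in the candidate parameter and pass the raw response body to `reflects_unencoded`; a match after the upgrade means the deployed build is not actually 7.14.8 or a customised template re-introduced the unencoded output.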

CVSS V3.1

Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability reserved
  • Vulnerability published: 8 November 2025