Cyber Posture

CVE-2022-45185

Severity: High · Public PoC · RCE

Published: 07 January 2025
Modified: 15 April 2025
KEV Added: not listed
Patch:
CVSS Score: 8.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0027 (50.4th percentile)
Risk Priority: 18 (weighting: 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2022-45185 is a high-severity Deserialization of Untrusted Data (CWE-502) vulnerability in SalesAgility SuiteCRM, with a CVSS base score of 8.8 (High).

Operationally, it ranks in the top 49.6% of CVEs by exploit likelihood (EPSS); it is not currently listed in the CISA KEV catalog, and a public proof of concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5) (AI-generated)

Prevent: Timely flaw remediation through patching directly addresses and eliminates the deserialization vulnerability in SuiteCRM 7.12.7, as referenced in the release documentation.

Prevent: Information input validation at CRM file upload interfaces detects and rejects malicious serialized payloads before deserialization can occur.

Prevent: Information input restrictions limit the file types, sizes, and sources accepted for CRM uploads, reducing the attack surface for malicious file exploitation.

NVD Description

An issue was discovered in SuiteCRM 7.12.7. Authenticated users can use CRM functions to upload malicious files. Then, deserialization can be used to achieve code execution.

Deeper analysis (AI-generated)

CVE-2022-45185 is a deserialization vulnerability (CWE-502) in SuiteCRM version 7.12.7. It allows authenticated users to upload malicious files via CRM functions, which can then be leveraged for remote code execution. The issue carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), reflecting the high severity of its potential impact.

The attack requires low-privilege authenticated access and can be carried out remotely with low complexity and no user interaction. An attacker with such access can achieve arbitrary code execution on the affected server, with high impact to confidentiality, integrity, and availability.

Advisories and patches are referenced in the SuiteCRM 7.12.x release documentation at https://docs.suitecrm.com/admin/releases/7.12.x/. Proof-of-concept code demonstrating the exploit is publicly available in the Orange Cyberdefense CVE repository at https://github.com/Orange-Cyberdefense/CVE-repository/ and specifically at https://github.com/Orange-Cyberdefense/CVE-repository/blob/master/PoCs/poc_SuiteCRM.py.

Details

CWE(s): CWE-502 (Deserialization of Untrusted Data)

Affected Products: salesagility suitecrm 7.12.7

CVEs Like This One

CVE-2025-54785 (same product: SalesAgility SuiteCRM)
CVE-2022-50589 (same product: SalesAgility SuiteCRM)
CVE-2022-45186 (same product: SalesAgility SuiteCRM)
CVE-2019-25664 (same product: SalesAgility SuiteCRM)
CVE-2019-25663 (same product: SalesAgility SuiteCRM)
CVE-2025-54788 (same product: SalesAgility SuiteCRM)
CVE-2025-67617 (shared CWE-502)
CVE-2026-2020 (shared CWE-502)
CVE-2025-60036 (shared CWE-502)
CVE-2025-49386 (shared CWE-502)

References