Cyber Resilience

CVE-2022-50589

CriticalPublic PoC

Published: 06 November 2025

Published
06 November 2025
Modified
24 November 2025
KEV Added
Patch
CVSS Score v4 9.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0022 45.3th percentile
Risk Priority 19 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2022-50589 is a critical-severity SQL Injection (CWE-89) vulnerability in Salesagility Suitecrm. Its CVSS base score is 9.3 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 45.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2022-50589 is a SQL injection vulnerability (CWE-89) affecting SuiteCRM versions prior to 7.12.6, specifically within the processing of the 'uid' parameter in the 'export' functionality. Rated at CVSS 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), it enables attackers to manipulate database queries through unsanitized input.

Remote unauthenticated attackers can exploit this vulnerability by sending crafted requests to the export endpoint, potentially extracting sensitive data or escalating to arbitrary code execution on the server.

Advisories recommend upgrading to SuiteCRM 7.12.6 or later, as detailed in the official release notes, to mitigate the issue by addressing the insecure parameter handling.

EU & UK References

Vulnerability details

SuiteCRM versions prior to 7.12.6 contain a SQL injection vulnerability within the processing of the ‘uid’ parameter within the ‘export’ functionality. Successful exploitation allows remote unauthenticated attackers to ultimately execute arbitrary code.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1213.004 Customer Relationship Management Software Collection
Adversaries may leverage Customer Relationship Management (CRM) software to mine valuable information.
T1213.006 Databases Collection
Adversaries may leverage databases to mine valuable information.
Why these techniques?

SQL injection in public-facing SuiteCRM (CRM software) enables unauthenticated exploitation of public-facing application (T1190) and arbitrary database queries for data collection from CRM software (T1213.004) and databases (T1213.006).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2019-25664Same product: Salesagility Suitecrm
CVE-2025-54788Same product: Salesagility Suitecrm
CVE-2019-25663Same product: Salesagility Suitecrm
CVE-2022-45186Same product: Salesagility Suitecrm
CVE-2022-45185Same product: Salesagility Suitecrm
CVE-2025-54785Same product: Salesagility Suitecrm
CVE-2019-25537Shared CWE-89
CVE-2019-25366Shared CWE-89
CVE-2019-25496Shared CWE-89
CVE-2026-1475Shared CWE-89

Affected Assets

salesagility
suitecrm
≤ 7.12.6

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly mitigates SQL injection by requiring validation of untrusted inputs like the 'uid' parameter in the export functionality.

prevent

Ensures timely patching or upgrading of SuiteCRM to version 7.12.6 or later to remediate the specific SQL injection flaw.

preventdetect

Regular vulnerability scanning identifies SQL injection vulnerabilities such as CVE-2022-50589 in the export endpoint.

References