CVE-2025-54785
Published: 07 August 2025
Summary
CVE-2025-54785 is a high-severity Improper Input Validation (CWE-20) vulnerability in SalesAgility SuiteCRM. Its CVSS v3.1 base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). It ranks at the 30.3rd percentile for exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-10 (Information Input Validation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
- SI-10 (Information Input Validation): directly requires validation and sanitization of user-supplied input before it is processed, which blocks PHP object injection through unserialize.
- SI-2 (Flaw Remediation): mandates timely identification, reporting and patching of software flaws such as this unserialize vulnerability, fixed in SuiteCRM 7.14.7 and 8.8.1.
- RA-5 (Vulnerability Monitoring and Scanning): enables scanning and monitoring to detect, and prioritize remediation of, high-severity issues like CVE-2025-54785 on affected SuiteCRM versions.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Unsanitized input reaching unserialize gives an authenticated user PHP object injection, and from there code execution, on an Internet-facing CRM application (Exploit Public-Facing Application, T1190). The mapped follow-on techniques are privilege escalation (T1068), collection of CRM data (Data from Information Repositories: Customer Relationship Management Software, T1213.004), ransomware deployment (Data Encrypted for Impact, T1486), cryptomining (Resource Hijacking: Compute Hijacking, T1496.001) and denial of service through exploitation (Endpoint Denial of Service: Application or System Exploitation, T1499.004).
NVD Description
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. In versions 7.14.6 and 8.8.0, user-supplied input is not validated/sanitized before it is passed to the unserialize function, which could lead to penetration, privilege escalation, sensitive data exposure, Denial of Service, cryptomining and ransomware. This issue is fixed in version 7.14.7 and 8.8.1.
Deeper analysis
CVE-2025-54785 is a high-severity vulnerability (CVSS 3.1 score of 8.8) in SuiteCRM, an open-source enterprise Customer Relationship Management (CRM) application. It stems from a lack of validation or sanitization of user-supplied input before it is passed to PHP's unserialize function in versions 7.14.6 and 8.8.0. The flaw is catalogued under CWE-20 (Improper Input Validation); the underlying weakness class is deserialization of untrusted data (CWE-502). Deserializing attacker-controlled data lets the attacker instantiate any autoloadable class with attacker-chosen property values (PHP object injection); a class whose magic methods (__wakeup, __destruct, __toString and similar) act on those properties is what turns that into remote code execution, privilege escalation, sensitive data exposure, denial of service, cryptomining or ransomware deployment.
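To make the mechanism above and the SI-10 control concrete, here is an added illustration in PHP. It is not SuiteCRM code and does not reproduce SuiteCRM's vulnerable code path; the classes SinkLog and TempFileCleaner, the loadPrefs* functions and the payload string are all constructed for the demo (PHP 8 or later). It shows an attacker-supplied serialized string reaching unserialize(), the gadget's __destruct running with attacker-controlled data, and two fixes: calling unserialize() with allowed_classes set to false and rejecting anything that still comes back as an object, or not using PHP serialization for untrusted data at all.

```php
<?php
declare(strict_types=1);

// Constructed demo, not SuiteCRM code. SinkLog only records what the gadget
// would have done, so the script is safe to run.
final class SinkLog
{
    /** @var string[] */
    public static array $calls = [];
}

// Stand-in "gadget": any autoloadable class whose magic method does something
// dangerous with its own properties once an attacker controls them.
final class TempFileCleaner
{
    public string $path = '';

    public function __destruct()
    {
        // A real gadget would call unlink(), file_put_contents(), a shell
        // command, etc. here with the attacker-chosen $path.
        if ($this->path !== '') {
            SinkLog::$calls[] = 'unlink(' . $this->path . ')';
        }
    }
}

// Vulnerable pattern: untrusted input goes straight into unserialize().
function loadPrefsVulnerable(string $raw): mixed
{
    return unserialize($raw);
}

// True if $v is an object or an array containing one at any depth.
function containsObject(mixed $v): bool
{
    if (is_object($v)) {
        return true;
    }
    if (is_array($v)) {
        foreach ($v as $item) {
            if (containsObject($item)) {
                return true;
            }
        }
    }
    return false;
}

// Hardened pattern 1: no class may be instantiated (objects in the input become
// __PHP_Incomplete_Class placeholders, whose magic methods never run), and any
// object that still appears, even nested inside an array, is rejected.
function loadPrefsHardened(string $raw): mixed
{
    $value = @unserialize($raw, ['allowed_classes' => false]);
    if ($value === false && $raw !== serialize(false)) {
        throw new InvalidArgumentException('malformed serialized data');
    }
    if (containsObject($value)) {
        throw new InvalidArgumentException('objects are not accepted here');
    }
    return $value;
}

// Hardened pattern 2: use JSON, which cannot express PHP objects, for untrusted data.
function loadPrefsJson(string $raw): array
{
    $value = json_decode($raw, true, 64, JSON_THROW_ON_ERROR);
    if (!is_array($value)) {
        throw new InvalidArgumentException('expected a JSON object or array');
    }
    return $value;
}

// Constructed attacker payload: a serialized TempFileCleaner with a chosen path.
$payload = 'O:15:"TempFileCleaner":1:{s:4:"path";s:15:"/etc/passwd.bak";}';

$obj = loadPrefsVulnerable($payload);
unset($obj);                                   // refcount hits zero, __destruct runs
echo 'vulnerable: ', implode(', ', SinkLog::$calls), "\n";   // unlink(/etc/passwd.bak)

try {
    loadPrefsHardened($payload);
} catch (InvalidArgumentException $e) {
    echo 'hardened: ', $e->getMessage(), "\n";               // objects are not accepted here
}

echo 'json: ', json_encode(loadPrefsJson('{"theme":"dark","rows":25}')), "\n";
```

allowed_classes is the right tool when the serialized format cannot be changed; when it can, the JSON route removes the whole class of bug rather than one gadget, and the recursive object check matters because an attacker can nest the gadget inside an otherwise harmless array.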
The vulnerability can be exploited by low-privileged authenticated users (PR:L) over the network (AV:N) with low attack complexity (AC:L) and no user interaction required (UI:N), without changing the scope (S:U). Successful exploitation grants high impacts on confidentiality (C:H), integrity (I:H), and availability (A:H), potentially allowing attackers to execute arbitrary code, escalate privileges, exfiltrate CRM data, disrupt services, or deploy persistent threats like cryptominers or ransomware.
SuiteCRM has addressed the issue in patched versions 7.14.7 and 8.8.1, as detailed in the official release notes and GitHub Security Advisory GHSA-53cp-mpfw-qj67. Security practitioners should prioritize upgrading affected installations. Because exploitation needs only a low-privileged account (PR:L), every user who can log in is a potential attacker, so until patching is complete the interim measures are to review who holds accounts, disable unused ones, and limit which networks can reach the login page.
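As an added check for the RA-5/SI-2 guidance (not code from the advisory or the SuiteCRM project), the PHP snippet below pulls the version string out of a SuiteCRM install's suitecrm_version.php and reports whether it is below the fixed release for its branch. Assumptions: the file lives in the 7.x install root and contains a line of the form `$suitecrm_version = '7.14.6';` (verify the file's location on 8.x installs), and, going beyond the page's literal list of 7.14.6 and 8.8.0, every release below 7.14.7 or 8.8.1 is treated as needing attention, which is the conservative reading of the fix versions.

```php
<?php
declare(strict_types=1);

// Added example, not SuiteCRM code. Fixed releases per the advisory text:
// 7.14.7 for the 7.x branch, 8.8.1 for the 8.x branch.
const SUITECRM_FIXED = ['7' => '7.14.7', '8' => '8.8.1'];

/** Extracts the version from the contents of suitecrm_version.php, or null. */
function parseSuiteCrmVersion(string $fileContents): ?string
{
    // Assumption: the file contains a line like  $suitecrm_version = '7.14.6';
    if (preg_match('/\$suitecrm_version\s*=\s*\'([\d.]+)\'/', $fileContents, $m) === 1) {
        return $m[1];
    }
    return null;
}

/** True when $version is below the fixed release of its major branch. */
function needsCve202554785Fix(string $version): bool
{
    $major = explode('.', $version)[0];
    if (!isset(SUITECRM_FIXED[$major])) {
        return false;   // branch not covered by this advisory
    }
    // Conservative assumption: anything older than the fix needs attention.
    return version_compare($version, SUITECRM_FIXED[$major], '<');
}

// Constructed samples standing in for the file contents read from three hosts.
$samples = [
    'crm-a' => "<?php\n\$suitecrm_version = '7.14.6';\n\$suitecrm_timestamp = '2025-01-01';\n",
    'crm-b' => "<?php\n\$suitecrm_version = '8.8.1';\n",
    'crm-c' => "<?php\n// no version line here\n",
];

foreach ($samples as $host => $contents) {
    $version = parseSuiteCrmVersion($contents);
    if ($version === null) {
        printf("%s: version not found, inspect manually\n", $host);
        continue;
    }
    printf("%s: %s -> %s\n", $host, $version,
        needsCve202554785Fix($version) ? 'UPGRADE' : 'ok');
}
// crm-a: 7.14.6 -> UPGRADE
// crm-b: 8.8.1 -> ok
// crm-c: version not found, inspect manually
```

Feed it the file contents collected by whatever inventory tooling you already run; a missing or unparsable version line should be treated as a finding to chase, not as "not affected".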
Details
- CWE(s)