Cyber Resilience

CVE-2025-54785

High

Published: 07 August 2025

Published
07 August 2025
Modified
13 August 2025
KEV Added
Patch
CVSS Score v3.1 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0030 53.7th percentile
Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-54785 is a high-severity Improper Input Validation (CWE-20) vulnerability in Salesagility Suitecrm. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked in the top 46.3% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2025-54785 is a high-severity vulnerability (CVSS 3.1 score of 8.8) in SuiteCRM, an open-source enterprise Customer Relationship Management (CRM) application. It stems from a lack of validation or sanitization of user-supplied input before it is passed to PHP's unserialize function in versions 7.14.6 and 8.8.0. This flaw, associated with CWE-20 (Improper Input Validation), enables PHP object injection that could result in remote code execution, privilege escalation, sensitive data exposure, denial of service, cryptomining, or ransomware deployment.

The vulnerability can be exploited by low-privileged authenticated users (PR:L) over the network (AV:N) with low attack complexity (AC:L) and no user interaction required (UI:N), without changing the scope (S:U). Successful exploitation grants high impacts on confidentiality (C:H), integrity (I:H), and availability (A:H), potentially allowing attackers to execute arbitrary code, escalate privileges, exfiltrate CRM data, disrupt services, or deploy persistent threats like cryptominers or ransomware.

SuiteCRM has addressed the issue in patched versions 7.14.7 and 8.8.1, as detailed in the official release notes and GitHub Security Advisory GHSA-53cp-mpfw-qj67. Security practitioners should prioritize upgrading affected installations and review access controls for authenticated users to mitigate exposure until patching is complete.

EU & UK References

Vulnerability details

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. In versions 7.14.6 and 8.8.0, user-supplied input is not validated/sanitized before it is passed to the unserialize function, which could lead to penetration, privilege escalation, sensitive data exposure, Denial…

more

of Service, cryptomining and ransomware. This issue is fixed in version 7.14.7 and 8.8.1.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1213.004 Customer Relationship Management Software Collection
Adversaries may leverage Customer Relationship Management (CRM) software to mine valuable information.
T1486 Data Encrypted for Impact Impact
Adversaries may encrypt data on target systems or on large numbers of systems in a network to interrupt availability to system and network resources.
T1496.001 Compute Hijacking Impact
Adversaries may leverage the compute resources of co-opted systems to complete resource-intensive tasks, which may impact system and/or hosted service availability.
T1499.004 Application or System Exploitation Impact
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

PHP Object Injection via unsanitized unserialize enables RCE on public-facing CRM app (T1190), facilitating privilege escalation (T1068), CRM data collection/exposure (T1213.004), ransomware deployment (T1486), cryptomining (T1496.001), and DoS via exploitation (T1499.004).

CVEs Like This One

CVE-2025-54788Same product: Salesagility Suitecrm
CVE-2019-25663Same product: Salesagility Suitecrm
CVE-2019-25664Same product: Salesagility Suitecrm
CVE-2022-50589Same product: Salesagility Suitecrm
CVE-2022-45186Same product: Salesagility Suitecrm
CVE-2022-45185Same product: Salesagility Suitecrm
CVE-2026-2750Shared CWE-20
CVE-2025-71003Shared CWE-20
CVE-2026-26310Shared CWE-20
CVE-2025-59886Shared CWE-20

Affected Assets

salesagility
suitecrm
7.14.6, 8.8.0

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly requires validation and sanitization of user-supplied input before processing, preventing PHP object injection via unserialize.

prevent

Mandates timely identification, reporting, and patching of software flaws like this unserialize vulnerability fixed in SuiteCRM 7.14.7 and 8.8.1.

prevent

Enables vulnerability scanning and monitoring to detect and prioritize remediation of high-severity issues like CVE-2025-54785 in affected SuiteCRM versions.

References