What is the CVSS score of CVE-2025-54787?

CVE-2025-54787 has a CVSS 3.1 base score of 3.7 (Low). CVSS vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N. EPSS exploitation probability: 0.1%.

Which versions of Suitecrm are affected by CVE-2025-54787?

CVE-2025-54787 is a low-severity vulnerability in SuiteCRM (CVSS 3.7). The limited severity suggests constrained impact, typically requiring specific conditions or local access for exploitation.

How to fix or mitigate CVE-2025-54787?

During next maintenance window: Apply vendor patches when convenient. Monitor vendor channels for updates.

Suitecrm CVE-2025-54787

LOW

Improper Authorization (CWE-285)

2025-08-07 security-advisories@github.com

Authentication Bypass Suitecrm

3.7

CVSS 3.1 · GitHub Advisory

Severity by source

GitHub Advisory PRIMARY

3.7 LOW

AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

None

Lifecycle Timeline

Analysis Generated

Mar 28, 2026 - 19:05 vuln.today

CVE Published

Aug 07, 2025 - 22:15 nvd

LOW 3.7

DescriptionGitHub Advisory

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. There is a vulnerability in SuiteCRM version 7.14.6 which allows unauthenticated downloads of any file from the upload-directory, as long as it is named by an ID (e.g. attachments). An unauthenticated attacker could download internal files when he discovers a valid file-ID. Valid IDs could be brute-forced, but this is quite time-consuming as the file-IDs are usually UUIDs. This issue is fixed in version 7.14.7.

AnalysisAI

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-285. SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. There is a vulnerability in SuiteCRM version 7.14.6 which allows unauthenticated downloads of any file from the upload-directory, as long as it is named by an ID (e.g. attachments). An unauthenticated attacker could download internal files when he discovers a valid file-ID. Valid IDs could be brute-forced, but this is quite time-consuming as the file-IDs are usually UUIDs. This issue is fixed in version 7.14.7. Affected products include: Salesagility Suitecrm. Version information: version 7.14.6.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2025-54787 vulnerability details – vuln.today

Back

Suitecrm CVE-2025-54787

Severity by source

CVSS VectorGitHub Advisory

Lifecycle Timeline

DescriptionGitHub Advisory

AnalysisAI

Technical ContextAI

RemediationAI

Share

External POC / Exploit Code