Espocrm

5 CVEs product

CVE-2020-37094 CRITICAL POC Act Now

EspoCRM 5.8.5 has an authentication vulnerability allowing attackers to access other user accounts through IDOR in session handling.

Authentication Bypass Espocrm
NVD Exploit-DB
CVSS 3.1: 9.8 | EPSS: 0.4%
CVE-2025-52892 MEDIUM POC PATCH Monitor

EspoCRM is a web application with a frontend designed as a single-page application and a REST API backend written in PHP. Rated medium severity (CVSS 4.5), this vulnerability is remotely exploitable with low attack complexity. Public exploit code is available.

Request Smuggling Information Disclosure Espocrm
NVD GitHub
CVSS 3.1: 4.5 | EPSS: 0.0%
CVE-2025-32390 HIGH POC PATCH This Month

EspoCRM is a free, open-source customer relationship management platform. Rated high severity (CVSS 7.0), this vulnerability is remotely exploitable with low attack complexity. Public exploit code is available.

Code Injection Espocrm
NVD GitHub
CVSS 4.0: 7.0 | EPSS: 0.3%
CVE-2025-32789 LOW POC PATCH Monitor

EspoCRM is an open-source customer relationship management software. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable. Public exploit code is available.

Information Disclosure Espocrm
NVD GitHub
CVSS 3.1: 3.1 | EPSS: 0.2%
CVE-2025-32385 MEDIUM POC This Month

EspoCRM is an open-source customer relationship management software. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable without authentication. Public exploit code is available and no vendor patch is available.

XSS Espocrm
NVD GitHub
CVSS 3.1: 5.3 | EPSS: 0.2%
