Strix
26.1K

CVE-2025-54786

MEDIUMCVSS 5.3/10EPSS 0.27%

Last modified

CVE-2025-54786 is a medium-severity vulnerability rated 5.3/10 on the CVSS scale. SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. In versions 7.14.6 and 8.8.0, the broken authentication in the legacy iCal service allows unauthenticated access to meeting data. EPSS estimates a 0.27% chance of exploitation in the next 30 days.

Description

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. In versions 7.14.6 and 8.8.0, the broken authentication in the legacy iCal service allows unauthenticated access to meeting data. An unauthenticated actor can view any user's meeting (calendar event) data given their username, related functionality allows user enumeration. This is fixed in versions 7.14.7 and 8.8.1.

Metrics

CVSS 3.1
5.3/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

EPSS Probability
0.27%

18.6th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
SalesagilitySuitecrm7.14.6
SalesagilitySuitecrm8.8.0

References

Timeline

Published
Last Modified
Status
Analyzed

Frequently Asked Questions

What is CVE-2025-54786?
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. In versions 7.14.6 and 8.8.0, the broken authentication in the legacy iCal service allows unauthenticated access to meeting data. An unauthenticated actor can view any user's meeting (calendar event) data given their username, related functionality allows user enumeration. This is fixed in versions 7.14.7 and 8.8.1.
How severe is CVE-2025-54786?
CVE-2025-54786 has a CVSS score of 5.3/10 (MEDIUM severity). The EPSS model estimates a 0.27% probability of exploitation in the next 30 days.
How do I fix CVE-2025-54786?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2025-54786?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST