salesagility suitecrm Vulnerabilities: CVEs, CISA KEV & Security Advisories

Severity and exploitation

How the CVSS severity of salesagility suitecrm's CVEs breaks down, plus how many are exploited in the wild or have public exploit code.

Critical8

High30

Medium20

Low3

44 additional CVEs have no CVSS severity score.

In CISA’s Known Exploited Vulnerabilities catalog

None of salesagility suitecrm's CVEs are currently listed in CISA's KEV catalog.

Public exploits

25 of salesagility suitecrm's CVEs have a known public exploit available.

Affected versions and CVEs

Browse every salesagility suitecrm version named in a CVE, then pick one to see only the CVEs that affect it.

Specific versions

7.9.1590 CVEs
v7.10.090 CVEs
v7.10.190 CVEs
v7.10.1390 CVEs
v7.10.1490 CVEs
v7.10.1590 CVEs
v7.10.1690 CVEs
v7.10.290 CVEs
v7.10.390 CVEs
v7.10.490 CVEs
v7.10.590 CVEs
v7.10.690 CVEs
v7.10.790 CVEs
v7.8.1290 CVEs
v7.8.1490 CVEs
v7.8.1590 CVEs
v7.8.1690 CVEs
v7.8.1790 CVEs
v7.8.1890 CVEs
v7.8.1990 CVEs
v7.8.2090 CVEs
v7.9.1690 CVEs
v7.9.1790 CVEs
v7.10.1089 CVEs
v7.10.889 CVEs
v7.10.989 CVEs
v7.10.1188 CVEs
v7.10.1288 CVEs
v7.10.1786 CVEs
v7.10.1886 CVEs
v7.10.1985 CVEs
v7.10.2082 CVEs
v7.10.2179 CVEs
v7.10.2279 CVEs
v7.11.076 CVEs
v7.11.175 CVEs
v7.11.1075 CVEs
v7.11.275 CVEs
v7.11.375 CVEs
v7.11.475 CVEs
v7.11.575 CVEs
v7.11.675 CVEs
v7.11.775 CVEs
v7.11.875 CVEs
v7.11.975 CVEs
7.9.674 CVEs
v.7.9.1174 CVEs
v7.10-beta74 CVEs
v7.10-beta-274 CVEs
v7.10-beta-374 CVEs
v7.10-RC74 CVEs
v7.10-RC-274 CVEs
v7.11.1174 CVEs
v7.8.074 CVEs
v7.8.174 CVEs
v7.8.1074 CVEs
v7.8.1174 CVEs
v7.8.1374 CVEs
v7.8.274 CVEs
v7.8.374 CVEs
v7.8.474 CVEs
v7.8.574 CVEs
v7.8.674 CVEs
v7.8.774 CVEs
v7.8.874 CVEs
v7.8.974 CVEs
v7.9.074 CVEs
v7.9.0-beta74 CVEs
v7.9.0-rc74 CVEs
v7.9.174 CVEs
v7.9.1074 CVEs
v7.9.1174 CVEs
v7.9.1274 CVEs
v7.9.1374 CVEs
v7.9.1474 CVEs
v7.9.274 CVEs
v7.9.374 CVEs
v7.9.474 CVEs
v7.9.574 CVEs
v7.9.774 CVEs
v7.9.874 CVEs
v7.9.974 CVEs
v7.11-beta73 CVEs
v7.11-rc73 CVEs
v7.11-rc-273 CVEs
7.2.271 CVEs
v7.0.171 CVEs
v7.0.271 CVEs
v7.171 CVEs
v7.1.171 CVEs
v7.1.271 CVEs
v7.1.371 CVEs
v7.1.471 CVEs
v7.1.571 CVEs
v7.1beta71 CVEs
v7.1beta271 CVEs
v7.1RC71 CVEs
v7.1RC271 CVEs
v7.271 CVEs
v7.2.171 CVEs
v7.2.271 CVEs
v7.2.371 CVEs
v7.2.471 CVEs
v7.2beta71 CVEs
v7.2beta271 CVEs
v7.2beta371 CVEs
v7.371 CVEs
v7.3-beta71 CVEs
v7.3.171 CVEs
v7.3.271 CVEs
v7.3beta371 CVEs
v7.471 CVEs
v7.4-beta71 CVEs
v7.4-beta.271 CVEs
v7.4.171 CVEs
v7.4.271 CVEs
v7.4.371 CVEs
v7.5-beta71 CVEs
v7.5-beta.271 CVEs
v7.5-rc71 CVEs
v7.5.171 CVEs
v7.5.271 CVEs
v7.5.371 CVEs
v7.671 CVEs
v7.6-beta-171 CVEs
v7.6-beta.271 CVEs
v7.6-rc71 CVEs
v7.6.171 CVEs
v7.6.271 CVEs
v7.6.371 CVEs
v7.6.471 CVEs
v7.6.571 CVEs
v7.6.671 CVEs
v7.771 CVEs
v7.7-beta171 CVEs
v7.7-beta271 CVEs
v7.7-rc71 CVEs
v7.7-rc271 CVEs
v7.7.171 CVEs
v7.7.271 CVEs
v7.7.371 CVEs
v7.7.471 CVEs
v7.7.571 CVEs
v7.7.671 CVEs
v7.7.771 CVEs
v7.7.871 CVEs
v7.7.971 CVEs
v7.8.0-beta71 CVEs
v7.8.0-beta.271 CVEs
v7.8.0-rc71 CVEs
v7.11.1270 CVEs
v7.11.1370 CVEs
v7.10.2367 CVEs
v7.11.1467 CVEs
v7.11.1567 CVEs
v7.11.1667 CVEs
v7.11.1766 CVEs
v7.11.1866 CVEs
v7.11.1962 CVEs
v7.11.2062 CVEs
v7.11.2160 CVEs
v7.11.2257 CVEs
v7.12-rc57 CVEs
v7.12.057 CVEs
v7.12.157 CVEs
v7.12.254 CVEs
v7.12.351 CVEs
v7.12.451 CVEs
v7.12.547 CVEs
v7.12.645 CVEs
v7.12.745 CVEs
v7.12.843 CVEs
v7.14.043 CVEs
v7.12.1042 CVEs
v7.12.1142 CVEs
v7.12.1242 CVEs
v7.12.942 CVEs
v7.13.042 CVEs
v7.13.0-beta42 CVEs
v7.13.142 CVEs
v7.13.242 CVEs
v7.13.342 CVEs
v7.13.442 CVEs
v7.14.0-beta42 CVEs
v7.14.140 CVEs
v7.14.232 CVEs
v7.14.330 CVEs
v7.14.417 CVEs
v7.14.516 CVEs
< 7.14.413 CVEs
>= 8.0.0, < 8.6.113 CVEs
v8.0.012 CVEs
v8.0.111 CVEs
v7.14.610 CVEs
v8.0.0-beta.18 CVEs
v8.0.0-beta.28 CVEs
v8.0.0-beta.38 CVEs
v8.0.0-rc8 CVEs
v8.0.28 CVEs
v8.0.38 CVEs
v8.0.47 CVEs
v8.1.07 CVEs
v8.1.17 CVEs
v8.1.27 CVEs
v8.1.37 CVEs
v8.2.07 CVEs
v8.2.0-beta.27 CVEs
v8.2.17 CVEs
v8.2.27 CVEs
v8.2.37 CVEs
v8.2.47 CVEs
v8.3.07 CVEs
v8.3.17 CVEs
v8.4.07 CVEs
v8.4.0-beta7 CVEs
< 7.14.66 CVEs
>= 8.0.0, < 8.7.16 CVEs
v7.14.74 CVEs
< 7.14.51 CVE
>= 8.0.0, < 8.6.21 CVE

Fixed in

8.6.114 CVEs
504d6f0ebd5847169d73c52d312e91916a7280bb13 CVEs
7.14.413 CVEs
436f4210ed42ea37d86951b428b0bf18b38cf7c27 CVEs
54bc56c3bd9f1db75408db1c1d7d652c3f5f71e97 CVEs
7.12.147 CVEs
7.14.66 CVEs
8.7.16 CVEs
e572230abd0dad205b24a96acce72590b20bf69d6 CVEs
0ae16be4f011d3b1d8174d8eb712c2ebbf51327b5 CVEs
7.10.235 CVEs
7.11.115 CVEs

Default status

All versions1 CVE

Find a version

105 CVEs

Sort

SuiteCRM 7.10.7 SQL Injection via record Parameter
CVE-2019-25664
Public exploit
CWE-89
High · CVSS 7.1
EPSS 0.1% (18th pct)2026-04-05
SuiteCRM 7.10.7 SQL Injection via parentTab Parameter
CVE-2019-25663
Public exploit
CWE-89
High · CVSS 7.1
EPSS 0.1% (18th pct)2026-04-05
SuiteCRM is Vulnerable to Authenticated Blind SQL Injection via GraphQL
CVE-2025-64493
Public exploit
Patch
CWE-89
Medium · CVSS 6.5
EPSS 0.0% (13th pct)2025-11-08
SuiteCRM is Vulnerable to Authenticated Time Based Blind SQL Injection
CVE-2025-64492
Patch
CWE-89
High · CVSS 8.8
EPSS 0.0% (12th pct)2025-11-08
SuiteCRM is vulnerable to unauthenticated reflected XSS through its Login page
CVE-2025-64491
Public exploit
Patch
CWE-79
Medium · CVSS 6.1
EPSS 0.0% (8th pct)2025-11-08
SuiteCRM's Inconsistent RBAC Enforcement Enables Access Control Bypass
CVE-2025-64490
Patch
CWE-863
High · CVSS 8.3
EPSS 0.1% (20th pct)2025-11-08
SuiteCRM: Privilege Escalation via Improper Session Invalidation and Inactive User Bypass
CVE-2025-64489
Patch
CWE-269
High · CVSS 8.3
EPSS 0.1% (20th pct)2025-11-08
SuiteCRM: Authenticated SQL Injection Possible in Reschedule Call Module
CVE-2025-64488
Patch
CWE-89
High · CVSS 8.6
EPSS 0.1% (26th pct)2025-11-07
SuiteCRM < 7.12.6 Type Confusion via 'deleteAttachment' Functionality
CVE-2022-50590
Patch
CWE-843
High · CVSS 8.8
EPSS 0.0% (13th pct)2025-11-06
SuiteCRM < 7.12.6 SQL Injection via 'export' Functionality
CVE-2022-50589
Patch
CWE-89
Critical · CVSS 9.3
EPSS 0.2% (45th pct)2025-11-06
Reflected Cross-Site Scripting (XSS) in SuiteCRM
CVE-2025-41384
Patch
CWE-79
Medium · CVSS 5.1
EPSS 0.0% (7th pct)2025-10-27
SuiteCRM: Improper Authorization for attachment downloads
CVE-2025-54787
Patch
CWE-285
Low · CVSS 3.7
EPSS 0.2% (37th pct)2025-08-07
SuiteCRM is vulnerable to Cross Site Scripting (XSS) through its email viewer
CVE-2025-54784
Patch
CWE-79
High · CVSS 8.6
EPSS 0.2% (40th pct)2025-08-07
SuiteCRM: Reflected Cross Site Scripting (XSS) through HTTP Referrer header
CVE-2025-54783
Patch
CWE-79
Medium · CVSS 5.1
EPSS 0.2% (40th pct)2025-08-07
SuiteCRM: Authenticated Blind SQL Injection in InboundEmail module
CVE-2025-54788
Patch
CWE-89
High · CVSS 8.8
EPSS 0.4% (61th pct)2025-08-06
SuiteCRM: Legacy iCal service allows unauthenticated access to meeting data
CVE-2025-54786
Patch
CWE-200
Medium · CVSS 5.3
EPSS 0.2% (39th pct)2025-08-06
SuiteCRM is Vulnerable to PHP Object Injection in Reports
CVE-2025-54785
Patch
CWE-20
High · CVSS 8.8
EPSS 0.3% (54th pct)2025-08-06
High vulnerability · 2025-01-07
CVE-2022-45186
Public exploit
High · CVSS 8.1
EPSS 0.2% (38th pct)2025-01-07
High vulnerability · 2025-01-07
CVE-2022-45185
Public exploit
CWE-502
High · CVSS 8.8
EPSS 0.4% (59th pct)2025-01-07
Medium vulnerability · 2024-11-05
CVE-2024-50335
Patch
CWE-79
Medium · CVSS 4.9
EPSS 0.8% (75th pct)2024-11-05
Medium vulnerability · 2024-11-05
CVE-2024-50333
Patch
CWE-20
Medium · CVSS 6.6
EPSS 0.1% (28th pct)2024-11-05
High vulnerability · 2024-11-05
CVE-2024-50332
Patch
CWE-89
High · CVSS 8.8
EPSS 0.2% (37th pct)2024-11-05
High vulnerability · 2024-11-05
CVE-2024-49774
Patch
CWE-20
High · CVSS 7.2
EPSS 0.0% (12th pct)2024-11-05
Medium vulnerability · 2024-11-05
CVE-2024-49773
Patch
CWE-89
Medium · CVSS 5.3
EPSS 0.1% (35th pct)2024-11-05
High vulnerability · 2024-11-05
CVE-2024-49772
Patch
CWE-89
High · CVSS 8.8
EPSS 0.2% (37th pct)2024-11-05
High vulnerability · 2024-09-05
CVE-2024-45392
Patch
CWE-284
High · CVSS 7.7
EPSS 0.1% (26th pct)2024-09-05
Medium vulnerability · 2024-06-10
CVE-2024-36419
Patch
CWE-601
Medium · CVSS 4.3
EPSS 0.3% (51th pct)2024-06-10
High vulnerability · 2024-06-10
CVE-2024-36418
Patch
CWE-22
High · CVSS 8.6
EPSS 6.2% (91th pct)2024-06-10
High vulnerability · 2024-06-10
CVE-2024-36416
Patch
CWE-779
High · CVSS 8.6
EPSS 44.7% (98th pct)2024-06-10
Medium vulnerability · 2024-06-10
CVE-2024-36417
Patch
CWE-79
Medium · CVSS 5.7
EPSS 0.8% (74th pct)2024-06-10

Showing 30 of 105

Severity and exploitation

salesagility suitecrm Vulnerabilities

Overview

Severity and exploitation

Affected versions and CVEs

Specific versions

Fixed in

Default status

Common weakness types

Disclosure activity by year

Other salesagility products

Frequently asked questions

How many CVEs does salesagility suitecrm have?

How many salesagility suitecrm CVEs are in CISA KEV?

Are there public exploits for salesagility suitecrm vulnerabilities?

Which versions of salesagility suitecrm are affected?

What are the most common weakness types in salesagility suitecrm CVEs?

How many critical salesagility suitecrm vulnerabilities are there?

What is the average severity of salesagility suitecrm CVEs?

References

Track salesagility suitecrm vulnerabilities