Vulnerability Description
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Versions 7.14.6 and below have a Reflected Cross-Site Scripting (XSS) vulnerability. This vulnerability allows an attacker to execute JavaScript code by modifying the HTTP Referer header to include some arbitrary domain with malicious JavaScript code at the end. The server will attempt to block the arbitrary domain but allow the JavaScript code to execute. This is fixed in version 7.14.7.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Salesagility | Suitecrm | < 7.14.7 |
Related Weaknesses (CWE)
References
- https://docs.suitecrm.com/admin/releases/7.14.x/#_7_14_7Release Notes
- https://github.com/SuiteCRM/SuiteCRM/security/advisories/GHSA-vqrj-gp9m-8c6rVendor Advisory
FAQ
What is CVE-2025-54783?
CVE-2025-54783 is a vulnerability with a CVSS score of 6.1 (MEDIUM). SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Versions 7.14.6 and below have a Reflected Cross-Site Scripting (XSS) vulnerability. This vuln...
How severe is CVE-2025-54783?
CVE-2025-54783 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-54783?
Check the references section above for vendor advisories and patch information. Affected products include: Salesagility Suitecrm.