- Description: SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Versions 8.9.0 and below contain a time-based blind SQL Injection vulnerability. This vulnerability allows an authenticated attacker to infer data from the database by measuring response times, potentially leading to the extraction of sensitive information. It is possible for an attacker to enumerate database, table, and column names, extract sensitive data, or escalate privileges. This is fixed in version 8.9.1.
- Source: security-advisories@github.com
- NVD status: Analyzed
- Products: suitecrm
- CVSS 3.1
  - Type: Secondary
  - Base score: 8.8
  - Impact score: 5.9
  - Exploitability score: 2.8
  - Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  - Severity: HIGH
- CWE-89 (source: security-advisories@github.com)
- Hype score: Not currently trending
⛔️ Multiple SuiteCRM vulnerabilities disclosed — CVSS 6.5 to 8.8, high-risk impact. Two Blind SQL Injection vulnerabilities have been confirmed in SuiteCRM. Both can be exploited by an “authenticated user”, ranging from theft of DB data to, in some cases, remote code exec
@CriminalIP_KR
13 Nov 2025
☑️ Multiple SuiteCRM Vulnerabilities Exposed — CVSS 6.5 to 8.8 HIGH Severity 🎯 Affected Vulnerabilities CVE-2025-64492 (CVSS 8.8): Time-based Blind SQL Injection CVE-2025-64493 (CVSS 6.5): Blind SQL Injection via GraphQL API These flaws give attackers a di
@CriminalIP_US
13 Nov 2025
🚨🚨SuiteCRM SQL Injection Flaws CVE-2025-64492: Authenticated Time Based Blind SQL Injection CVE-2025-64493: Authenticated Blind SQL Injection via GraphQL ZoomEye Dork👉app="SuiteCRM" 24.6k+ live targets. ZoomEye Link: https://t.co/1O3iHAij5U Refer: 1. https://t.co/cVWW
@zoomeye_team
11 Nov 2025
CVE-2025-64492, -64493: SQL Injections in SuiteCRM, 6.5 - 8.8 rating❗️ Vulnerabilities in SuiteCRM allow attackers to obtain information about databases and, in rare cases, perform RCE. Search at https://t.co/hv7QKSqxTR: 👉 Link: https://t.co/X65NFRCtTT https://t.co/n17hX
@Netlas_io
11 Nov 2025
CVE-2025-64492 — SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Versions 8.9.0 and below contain a time-based blind SQL Injection vulnerability. This vulnerability allows an authenticated attacker to infer data from the
@threatquarters
8 Nov 2025
[CVE-2025-64492: HIGH] SuiteCRM versions 8.9.0 and below have a time-based blind SQL Injection vulnerability, allowing attackers to access sensitive data. Ensure to update to version 8.9.1 for the fix.#cve,CVE-2025-64492,#cybersecurity https://t.co/8jPal51tbD https://t.co/I53lsfG
@CveFindCom
8 Nov 2025
**Nature of the vulnerability:** CVE-2025-64492 is a **time-based blind SQL injection** flaw in SuiteCRM versions 8.9.0 and below. SQL injection occurs when an attacker can manipulate a database query through crafted input, potentially leading to unauthorized access, data
@CveTodo
8 Nov 2025
```json
[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:salesagility:suitecrm:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "5DFDEB5D-4821-41F8-AEBB-38D394739DDE",
            "versionEndExcluding": "8.9.1",
            "versionStartIncluding": "8.0.0",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]
```