CVE-2025-54788 – SuiteCRM InboundEmail SQL Injection Vulnerability

CVE ID : CVE-2025-54788

Published : Aug. 7, 2025, 12:15 a.m. | 1 hour, 12 minutes ago

Description : SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. In versions and below, the InboundEmail module allows the arbitrary execution of queries in the backend database, leading to SQL injection. This can have wide-reaching implications on confidentiality, integrity, and availability, as database data can be retrieved, modified, or removed entirely. This issue is fixed in version 7.14.7.

Severity: 8.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…