CVE-2025-45753

HIGH

vtiger CRM Open Source Edition 8.3.0 - Authenticated Remote Code Execution via ZIP Import in Module Import


Description

A vulnerability in Vtiger CRM Open Source Edition v8.3.0 allows an attacker with admin privileges to execute arbitrary PHP code by exploiting the ZIP import functionality in the Module Import feature.

Scores

CVSS v3: 7.2
EPSS: 0.0038
EPSS Percentile: 29.9%
Attack Vector: NETWORK
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Source: Vulnrichment
Exploitation: poc
Automatable: no
Technical Impact: total

Details

CWE: CWE-94
Status: published
Products (1): vtiger/vtiger_crm 8.3.0
Published: May 21, 2025
Tracked Since: Feb 18, 2026