CVE-2025-64489

HIGH

Salesagility Suitecrm < 7.14.8 - Improper Privilege Management

Title source: rule
STIX 2.1

Description

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Versions 7.14.7 and prior, 8.0.0-beta.1 through 8.9.0 contain a privilege escalation vulnerability where user sessions are not invalidated upon account deactivation. An inactive user with an active session can continue to access the application and, critically, can self-reactivate their account. This undermines administrative controls and allows unauthorized persistence. This issue is fixed in versions 7.14.8 and 8.9.1.

References (3)

Scores

CVSS v3 8.3
EPSS 0.0006
EPSS Percentile 17.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-269
Status published
Products (1)
salesagility/suitecrm < 7.14.8
Published Nov 08, 2025
Tracked Since Feb 18, 2026