{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-03T10:45:47.871","vulnerabilities":[{"cve":{"id":"CVE-2025-64489","sourceIdentifier":"security-advisories@github.com","published":"2025-11-08T01:15:38.607","lastModified":"2025-11-25T17:31:42.657","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Versions 7.14.7 and prior, 8.0.0-beta.1 through 8.9.0 contain a privilege escalation vulnerability where user sessions are not invalidated upon account deactivation. An inactive user with an active session can continue to access the application and, critically, can self-reactivate their account. This undermines administrative controls and allows unauthorized persistence. This issue is fixed in versions 7.14.8 and 8.9.1."},{"lang":"es","value":"SuiteCRM es una aplicación de software de Gestión de Relaciones con Clientes (CRM) de código abierto y lista para empresas. Las versiones 7.14.7 y anteriores, 8.0.0-beta.1 hasta la 8.9.0, contienen una vulnerabilidad de escalada de privilegios donde las sesiones de usuario no se invalidan tras la desactivación de la cuenta. Un usuario inactivo con una sesión activa puede seguir accediendo a la aplicación y, críticamente, puede reactivar su propia cuenta. Esto socava los controles administrativos y permite la persistencia no autorizada. Este problema se ha solucionado en las versiones 7.14.8 y 8.9.1."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L","baseScore":8.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":5.5},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-269"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:salesagility:suitecrm:*:*:*:*:*:*:*:*","versionEndExcluding":"7.14.8","matchCriteriaId":"37968BEF-2577-4B8F-AE06-8C9DCEB9C84B"},{"vulnerable":true,"criteria":"cpe:2.3:a:salesagility:suitecrm:*:*:*:*:*:*:*:*","versionStartIncluding":"8.0.0","versionEndExcluding":"8.9.1","matchCriteriaId":"5DFDEB5D-4821-41F8-AEBB-38D394739DDE"}]}]}],"references":[{"url":"https://github.com/SuiteCRM/SuiteCRM-Core/commit/30277cfe69755f7360a23d4805e06a5c38f14131","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/SuiteCRM/SuiteCRM/commit/40da2845a170832a4e9e9fa0ebe731f8c34de42d","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/SuiteCRM/SuiteCRM/security/advisories/GHSA-j6jg-9jj3-q2ph","source":"security-advisories@github.com","tags":["Vendor Advisory"]}]}}]}