3 matches found
CVE-2025-54787
CVE-2025-54787 affects SuiteCRM 7.14.6. There is a vulnerability that allows unauthenticated downloads of files from the upload directory when the file is named by an ID (e.g., attachments). An unauthenticated attacker could download internal files by discovering a valid file-ID, with IDs often b...
CVE-2025-54787 SuiteCRM: Improper Authorization for attachment downloads
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. There is a vulnerability in SuiteCRM version 7.14.6 which allows unauthenticated downloads of any file from the upload-directory, as long as it is named by an ID e.g. attachments. An...
CVE-2025-54787 SuiteCRM: Improper Authorization for attachment downloads
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. There is a vulnerability in SuiteCRM version 7.14.6 which allows unauthenticated downloads of any file from the upload-directory, as long as it is named by an ID e.g. attachments. An...