{
  "affected": [
    {
      "ranges": [
        {
          "database_specific": {
            "versions": [
              {
                "introduced": "0"
              },
              {
                "fixed": "7.14.8"
              }
            ]
          },
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "40da2845a170832a4e9e9fa0ebe731f8c34de42d"
            }
          ],
          "repo": "https://github.com/salesagility/suitecrm",
          "type": "GIT"
        }
      ]
    },
    {
      "ranges": [
        {
          "database_specific": {
            "versions": [
              {
                "introduced": "8.0.0"
              },
              {
                "last_affected": "8.9.0"
              }
            ]
          },
          "events": [
            {
              "introduced": "55c1ee9cbdf409ed41c04da0bbf442b311a3ab57"
            },
            {
              "last_affected": "4fab102ce6e1840811ae1b3e28a04355f7dc6f3d"
            }
          ],
          "repo": "https://github.com/salesagility/suitecrm-core",
          "type": "GIT"
        }
      ]
    },
    {
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "40da2845a170832a4e9e9fa0ebe731f8c34de42d"
            }
          ],
          "repo": "https://github.com/suitecrm/suitecrm",
          "type": "GIT"
        }
      ]
    },
    {
      "ranges": [
        {
          "events": [
            {
              "introduced": "10ad06e4509bf733dd65d56fc4c9431da38c59ea"
            },
            {
              "fixed": "682dd9bc23bec55d05b8c5cae9f259e242d3b6cc"
            }
          ],
          "repo": "https://github.com/suitecrm/suitecrm-core",
          "type": "GIT"
        }
      ]
    }
  ],
  "aliases": [
    "GHSA-5v53-v44q-ww2c"
  ],
  "database_specific": {
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
      "CWE-89"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/64xxx/CVE-2025-64488.json"
  },
  "details": "SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. In versions 7.14.7 and below and 8.0.0-beta.1 through 8.9.0 8.0.0-beta.1, an attacker can craft a malicious call_id that alters the logic of the SQL query or injects arbitrary SQL. An attack can lead to unauthorized data access and data ex-filtration, complete database compromise, and other various issues. This issue is fixed in versions 7.14.8 and 8.9.1.",
  "id": "CVE-2025-64488",
  "modified": "2026-04-01T23:08:54.050238281Z",
  "published": "2025-11-07T23:59:46.011Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/64xxx/CVE-2025-64488.json"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/SuiteCRM/SuiteCRM/security/advisories/GHSA-5v53-v44q-ww2c"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64488"
    },
    {
      "type": "FIX",
      "url": "https://github.com/SuiteCRM/SuiteCRM-Core/commit/30277cfe69755f7360a23d4805e06a5c38f14131"
    },
    {
      "type": "FIX",
      "url": "https://github.com/SuiteCRM/SuiteCRM/commit/40da2845a170832a4e9e9fa0ebe731f8c34de42d"
    }
  ],
  "schema_version": "1.7.3",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "SuiteCRM: Authenticated SQL Injection Possible in Reschedule Call Module"
}