SuiteCRM Authenticated Remote Code Execution Vulnerability

Vulnerability

A remote code execution vulnerability has been identified in SuiteCRM modules, affecting versions 7.15.0 and prior, as well as 8.9.2 and prior. This vulnerability allows authenticated users to execute arbitrary PHP code or operating system commands, potentially leading to unauthorized access, modification, or deletion of data. The issue has been patched in SuiteCRM versions 7.15.1 and 8.9.3.

Impact

Exploitation of this vulnerability allows authenticated users to execute arbitrary code on the server, which could lead to unauthorized access, modification, or deletion of data. The vulnerability has a CVSS score of 7.2 (high severity).

Remediation

Users can upgrade to SuiteCRM versions 7.15.1 or 8.9.3 to address this vulnerability.

Added: Mar 19, 2026, 11:27 PM
Updated: Mar 19, 2026, 11:27 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 10.0
exploitability: 4.8
remediation: 0.0
relevance: 4.1
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.