CVE-2025-64489 - SuiteCRM: Privilege Escalation via Improper Session Invalidation and Inactive Us...

CVE ID : CVE-2025-64489 Published : Nov. 8, 2025, 1:15 a.m. | 15 minutes ago Description : SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Versions 7.14.7 and prior, 8.0.0-beta.1 through 8.9.0 contain a privilege escalation vulnerability where user sessions are not invalidated upon account deactivation. An inactive user with an active session can continue to access the application and, critically, can self-reactivate their account. This undermines administrative controls and allows unauthorized persistence. This issue is fixed in versions 7.14.8 and 8.9.1. Severity: 8.3 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...