ID

VAR-202502-1747


CVE

CVE-2025-1618


TITLE

Multiple vulnerabilities in Vtiger's Vtiger CRM

Trust: 0.8

sources: JVNDB: JVNDB-2025-025536

DESCRIPTION

A vulnerability classified as problematic has been found in vTiger CRM 6.4.0/6.5.0. It affects unknown code in the file /modules/Mobile/index.php. Manipulation of the argument _operation leads to cross-site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 7.0 addresses this issue, and upgrading the affected component is recommended. Exploitation methods for this vulnerability are publicly available. Some of the information handled by the software may be rewritten. The software will not stop. Attacks exploiting this vulnerability may affect other software.

Trust: 1.62

sources: NVD: CVE-2025-1618 // JVNDB: JVNDB-2025-025536

AFFECTED PRODUCTS

vendor: vtiger, model: crm, scope: lt, version: 7.0

Trust: 1.0

vendor: vtiger, model: crm, scope: gte, version: 6.4.0

Trust: 1.0

vendor: vtiger, model: crm, scope: eq, version: -

Trust: 0.8

vendor: vtiger, model: crm, scope: eq, version: 6.4.0 or later, earlier than 7.0

Trust: 0.8

vendor: vtiger, model: crm, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2025-025536 // NVD: CVE-2025-1618

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com: CVE-2025-1618
value: MEDIUM

Trust: 1.0

nvd@nist.gov: CVE-2025-1618
value: MEDIUM

Trust: 1.0

OTHER: JVNDB-2025-025536
value: MEDIUM

Trust: 0.8

cna@vuldb.com: CVE-2025-1618
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

OTHER: JVNDB-2025-025536
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

cna@vuldb.com: CVE-2025-1618
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 1.4
version: 3.1

Trust: 1.0

nvd@nist.gov: CVE-2025-1618
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.1

Trust: 1.0

NVD: JVNDB-2025-025536
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2025-025536 // NVD: CVE-2025-1618 // NVD: CVE-2025-1618

PROBLEMTYPE DATA

problemtype: CWE-94

Trust: 1.0

problemtype: CWE-79

Trust: 1.0

problemtype: Cross-site scripting (CWE-79) [NVD evaluation]

Trust: 0.8

problemtype: Cross-site scripting (CWE-79) [others]

Trust: 0.8

problemtype: Code injection (CWE-94) [others]

Trust: 0.8

sources: JVNDB: JVNDB-2025-025536 // NVD: CVE-2025-1618

PATCH

title: vtiger Vtiger CRM 6.4.0 Reflected Cross-Site Scripting
url: https://vuldb.com/?id.296608

Trust: 0.8

sources: JVNDB: JVNDB-2025-025536

EXTERNAL IDS

db: NVD, id: CVE-2025-1618

Trust: 2.6

db: VULDB, id: 296608

Trust: 1.0

db: JVNDB, id: JVNDB-2025-025536

Trust: 0.8

sources: JVNDB: JVNDB-2025-025536 // NVD: CVE-2025-1618

REFERENCES

url: https://www.vtiger.com/

Trust: 1.8

url: https://vuldb.com/?id.296608

Trust: 1.0

url: https://vuldb.com/?ctiid.296608

Trust: 1.0

url: https://vuldb.com/?submit.501840

Trust: 1.0

url: https://nvd.nist.gov/vuln/detail/cve-2025-1618

Trust: 0.8

sources: JVNDB: JVNDB-2025-025536 // NVD: CVE-2025-1618

SOURCES

db: JVNDB, id: JVNDB-2025-025536
db: NVD, id: CVE-2025-1618

LAST UPDATE DATE

2026-01-31T23:37:50.899000+00:00


SOURCES UPDATE DATE

db: JVNDB, id: JVNDB-2025-025536, date: 2026-01-30T05:12:00
db: NVD, id: CVE-2025-1618, date: 2026-01-29T02:11:45.417

SOURCES RELEASE DATE

db: JVNDB, id: JVNDB-2025-025536, date: 2026-01-30T00:00:00
db: NVD, id: CVE-2025-1618, date: 2025-02-24T05:15:10.980