ID

VAR-202505-3051


CVE

CVE-2025-45753


TITLE

Code injection vulnerability in Vtiger CRM from Vtiger

Trust: 0.8

sources: JVNDB: JVNDB-2025-006737

DESCRIPTION

A vulnerability in Vtiger CRM Open Source Edition v8.3.0 allows an attacker with admin privileges to execute arbitrary PHP code by exploiting the ZIP import functionality in the Module Import feature. Vtiger CRM from Vtiger contains a code injection vulnerability. Information may be obtained or tampered with, and the service may be put into a denial-of-service (DoS) state.

Trust: 1.62

sources: NVD: CVE-2025-45753 // JVNDB: JVNDB-2025-006737

AFFECTED PRODUCTS

vendor: vtiger, model: crm, scope: eq, version: 8.3.0

Trust: 1.8

vendor: vtiger, model: crm, scope: -, version: -

Trust: 0.8

vendor: vtiger, model: crm, scope: eq, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2025-006737 // NVD: CVE-2025-45753

CVSS

SEVERITY

CVSSV2

CVSSV3

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2025-45753
value: HIGH

Trust: 1.0

OTHER: JVNDB-2025-006737
value: HIGH

Trust: 0.8

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2025-45753
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 5.9
version: 3.1

Trust: 1.0

OTHER: JVNDB-2025-006737
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2025-006737 // NVD: CVE-2025-45753

PROBLEMTYPE DATA

problemtype:CWE-94

Trust: 1.0

problemtype:Code injection (CWE-94) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2025-006737 // NVD: CVE-2025-45753

EXTERNAL IDS

db: NVD, id: CVE-2025-45753

Trust: 2.6

db: JVNDB, id: JVNDB-2025-006737

Trust: 0.8

sources: JVNDB: JVNDB-2025-006737 // NVD: CVE-2025-45753

REFERENCES

url:https://www.simonjuguna.com/cve-2025-45753-authenticated-remote-code-execution-vulnerability-in-vtiger-open-source-edition-v8-3-0/

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2025-45753

Trust: 0.8

sources: JVNDB: JVNDB-2025-006737 // NVD: CVE-2025-45753

SOURCES

db: JVNDB, id: JVNDB-2025-006737
db: NVD, id: CVE-2025-45753

LAST UPDATE DATE

2025-06-15T23:21:34.389000+00:00


SOURCES UPDATE DATE

db: JVNDB, id: JVNDB-2025-006737, date: 2025-06-11T07:59:00
db: NVD, id: CVE-2025-45753, date: 2025-06-10T19:34:41.410

SOURCES RELEASE DATE

db: JVNDB, id: JVNDB-2025-006737, date: 2025-06-11T00:00:00
db: NVD, id: CVE-2025-45753, date: 2025-05-21T21:16:03.403