Details of VAR-202505-3447

ID

VAR-202505-3447

CVE

CVE-2025-45755

TITLE

Vtiger of Vtiger CRM Cross-site scripting vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2025-006629

DESCRIPTION

A Stored Cross-Site Scripting (XSS) vulnerability exists in Vtiger CRM Open Source Edition v8.3.0, exploitable via the Services Import feature. An attacker can craft a malicious CSV file containing an XSS payload, mapped to the Service Name field. When the file is uploaded, the application improperly sanitizes user input, leading to persistent script execution

Trust: 1.62

sources: NVD: CVE-2025-45755 // JVNDB: JVNDB-2025-006629

AFFECTED PRODUCTS

vendor:	vtiger	model:	crm	scope:	eq	version:	8.3.0	Trust: 1.8
vendor:	vtiger	model:	crm	scope:	-	version:	-	Trust: 0.8
vendor:	vtiger	model:	crm	scope:	eq	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2025-006629 // NVD: CVE-2025-45755

CVSS

SEVERITY

CVSSV2

CVSSV3

134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2025-45755
value:	MEDIUM
Trust: 1.0
OTHER:	JVNDB-2025-006629
value:	MEDIUM
Trust: 0.8

134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2025-45755
baseSeverity:	MEDIUM
baseScore:	6.1
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	2.7
version:	3.1
Trust: 1.0
OTHER:	JVNDB-2025-006629
baseSeverity:	MEDIUM
baseScore:	6.1
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2025-006629 // NVD: CVE-2025-45755

PROBLEMTYPE DATA

problemtype:	CWE-79	Trust: 1.0
problemtype:	Cross-site scripting (CWE-79) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2025-006629 // NVD: CVE-2025-45755

EXTERNAL IDS

db:	NVD	id:	CVE-2025-45755	Trust: 2.6
db:	JVNDB	id:	JVNDB-2025-006629	Trust: 0.8

sources: JVNDB: JVNDB-2025-006629 // NVD: CVE-2025-45755

REFERENCES

url:	https://www.simonjuguna.com/cve-2025-45755-stored-cross-site-scripting-xss-vulnerability-in-vtiger-open-source-edition-v8-3-0/	Trust: 1.8
url:	https://www.vtiger.com/open-source-crm/	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2025-45755	Trust: 0.8

sources: JVNDB: JVNDB-2025-006629 // NVD: CVE-2025-45755

SOURCES

db:	JVNDB	id:	JVNDB-2025-006629
db:	NVD	id:	CVE-2025-45755

LAST UPDATE DATE

2025-06-12T23:22:22.544000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2025-006629	date:	2025-06-11T02:01:00
db:	NVD	id:	CVE-2025-45755	date:	2025-06-10T19:34:54.193

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2025-006629	date:	2025-06-11T00:00:00
db:	NVD	id:	CVE-2025-45755	date:	2025-05-21T20:15:32.227