CVE-2025-52575

EspoCRM is an Open Source CRM (Customer Relationship Management) software. EspoCRM versions 9.1.6 and earlier are vulnerable to blind LDAP Injection when LDAP authentication is enabled. A remote, unauthenticated attacker can manipulate LDAP queries by injecting crafted input containing wildcard characters (e.g., *). This may allow the attacker to bypass authentication controls, enumerate valid usernames, or retrieve sensitive directory information depending on the LDAP server configuration. This was fixed in version 9.1.7.

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 3.9 / Impact : 2.5

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://github.com/espocrm/espocrm/commit/8649f1ac0ce714b2c31727bca3dd95d06e17337f	Patch
https://github.com/espocrm/espocrm/security/advisories/GHSA-rjm8-77fr-4f3v	Exploit Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:espocrm:espocrm:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2025-07-21 18:15

Updated : 2025-08-05 17:53

NVD link : CVE-2025-52575

Mitre link : CVE-2025-52575

CVE.ORG link : CVE-2025-52575

JSON object : View

Products Affected

espocrm

espocrm

CWE

CWE-90

Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')

{"id": "CVE-2025-52575", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 3.9}]}, "published": "2025-07-21T18:15:28.077", "references": [{"url": "https://github.com/espocrm/espocrm/commit/8649f1ac0ce714b2c31727bca3dd95d06e17337f", "tags": ["Patch"], "source": "[email protected]"}, {"url": "https://github.com/espocrm/espocrm/security/advisories/GHSA-rjm8-77fr-4f3v", "tags": ["Exploit", "Vendor Advisory"], "source": "[email protected]"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-90"}]}], "descriptions": [{"lang": "en", "value": "EspoCRM is an Open Source CRM (Customer Relationship Management) software. EspoCRM versions 9.1.6 and earlier are vulnerable to blind LDAP Injection when LDAP authentication is enabled. A remote, unauthenticated attacker can manipulate LDAP queries by injecting crafted input containing wildcard characters (e.g., *). This may allow the attacker to bypass authentication controls, enumerate valid usernames, or retrieve sensitive directory information depending on the LDAP server configuration. This was fixed in version 9.1.7."}, {"lang": "es", "value": "EspoCRM es un Open Source CRM (Customer Relationship Management) . Las versiones 9.1.6 y anteriores de EspoCRM son vulnerables a la inyecci\u00f3n LDAP ciega cuando la autenticaci\u00f3n LDAP est\u00e1 habilitada. Un atacante remoto no autenticado puede manipular las consultas LDAP inyectando una entrada manipulada que contenga caracteres comod\u00edn (p. ej., *). Esto puede permitir al atacante eludir los controles de autenticaci\u00f3n, enumerar nombres de usuario v\u00e1lidos o recuperar informaci\u00f3n confidencial del directorio, dependiendo de la configuraci\u00f3n del servidor LDAP. Esto se solucion\u00f3 en la versi\u00f3n 9.1.7."}], "lastModified": "2025-08-05T17:53:32.497", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:espocrm:espocrm:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "478B4EF0-8995-4F0A-BD6C-79C9704CD26E", "versionEndExcluding": "9.1.7"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}