CVE-2025-52892

EPSS 0.04%
Veröffentlicht 05.08.2025 00:17:16
Zuletzt bearbeitet 11.09.2025 17:14:04
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

EspoCRM is a web application with a frontend designed as a single-page application and a REST API backend written in PHP. In versions 9.1.6 and below, if a user loads Espo in the browser with double slashes (e.g https://domain//#Admin) and the webserver does not strip the double slash, it can cause a corrupted Slim router's cache. This will make the instance unusable until there is a completed rebuild. This is fixed in version 9.1.7.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Espocrm ≫ Espocrm Version < 9.1.7

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.04%	0.11

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
security-advisories@github.com	4.5	0.9	3.6	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H

CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

The product acts as an intermediary HTTP agent (such as a proxy or firewall) in the data flow between two entities such as a client and server, but it does not interpret malformed HTTP requests or responses in ways that are consistent with how the messages will be processed by those entities that are at the ultimate destination.

https://github.com/espocrm/espocrm/security/advisories/GHSA-26x2-6wch-j8pf

Vendor Advisory

https://github.com/espocrm/espocrm/commit/929611f317ce8892ea75873b0ab3094c0c510ff3

Patch

https://nvd.nist.gov/vuln/detail/CVE-2025-52892

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-52892

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-52892

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-52892