
CVE-2025-67486: High Vulnerability in Dolibarr ERP/CRM

CVE-2025-67486 is a high-severity vulnerability in Dolibarr ERP/CRM affecting versions 22.0.2 and earlier. An authenticated administrator can obtain remote code execution because the "computed value" of a user extrafield is passed to PHP's `eval()` without adequate sanitization. No patched release is available, so compensating controls are needed immediately.

HIGH · CVSS 8.6 · Published May 8, 2026


CVE-2025-67486 is a high-severity vulnerability found in Dolibarr, an enterprise resource planning (ERP) and customer relationship management (CRM) software package. This vulnerability allows authenticated administrators to execute arbitrary PHP code on the server. The flaw is rooted in the user extrafields functionality, where user-controlled input from the "computed value" field is passed to PHP's `eval()` function without adequate sanitization. As of the publication date, no patched versions are available, making this a pressing issue for organizations.

The CVSS score for this vulnerability is 8.6, a high severity level. The score reflects the impact of a successful attack: code execution on the server from an account that already holds high privileges, compromising confidentiality, integrity, and availability of the application and its data. Organizations running Dolibarr 22.0.2 or earlier should prioritize addressing it.

Risk to organizations includes unauthorized access to sensitive data and the ability to manipulate system functionality, and, because `eval()` runs with the privileges of the web server process, a foothold on the host itself. The low attack complexity combined with the requirement for high privileges means that the vulnerability is particularly dangerous where administration permissions are loosely controlled or admin credentials are weakly protected. Since no fix is available yet, organizations should apply compensating controls now and patch as soon as a release ships.

As of now, there are no known exploits available for this vulnerability, but the nature of the flaw indicates that it could be exploited by attackers who gain access to administrative credentials. Organizations should remain vigilant and monitor for any signs of exploitation as they await a fix.

Vulnerability Details

The official description of CVE-2025-67486 states that it affects Dolibarr versions 22.0.2 and earlier. The vulnerability is classified under CWE-74, Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'), the general injection class; the specific instance here is PHP code injection, since administrator-supplied text reaches `eval()`. (CWE-78, OS Command Injection, is a different, narrower class.) The CVSS score of 8.6 indicates a high-risk level, driven by remote code execution obtained from a high-privilege position.

Technical Analysis

The root cause of this vulnerability lies in the improper handling of user input in the "computed value" field within Dolibarr's user extrafields functionality. When this input is processed, it is passed directly to PHP's `eval()` without sufficient validation, so whatever PHP an administrator types into the field is executed by the web server. The vulnerability is exploitable over the network (attack vector: NETWORK) with low attack complexity. It requires high privileges, so the attacker must already hold, or have stolen, an administrator account; the flaw then turns that application-level access into arbitrary code execution on the host.

Risk & Impact Analysis

The real-world risk posed by CVE-2025-67486 is significant, particularly for organizations that rely on Dolibarr for critical ERP and CRM functionality. A successful exploit gives the attacker code execution on the web server, and through it unauthorized access to the application's data and control over its behaviour. The blast radius extends to any system the Dolibarr host can reach (its database, file shares, mail relays, integrations), so a compromise can cascade across an organization's IT infrastructure. Given the high severity and the absence of a patch, treat this as a priority item: apply compensating controls now and deploy the vendor fix as soon as one is released.

Exploitation Status

Signal               Status
Known Exploit        No
Public PoC           No
Actively Exploited   No
Ransomware Use       No

Affected Versions

Affected versions include Dolibarr ERP/CRM 22.0.2 and earlier. Organizations using these versions should prepare for mitigation actions as no patches are currently available.

Mitigation & Remediation

No patched release is available at the time of writing, so organizations running affected versions should track the vendor's security announcements and plan to upgrade as soon as a fix ships. Until then, compensating controls reduce exposure: keep the number of administrator accounts to a minimum and protect them with strong authentication (multi-factor where the deployment supports it), since the flaw is only reachable from an administrative session; restrict who can define or edit extrafields; review the existing extrafield definitions for computed-value expressions that do anything beyond simple arithmetic; and restrict network access to the Dolibarr web interface (for example via VPN or IP allow-listing) so that stolen admin credentials cannot be used from arbitrary locations.

Detection Guidance

Monitor Dolibarr's own logs and the web server access logs for administrative actions on extrafield definitions, in particular the creation or modification of fields that carry a computed value, and audit the stored expressions for anything beyond arithmetic over object properties: function calls such as system, exec, shell_exec, file_put_contents or base64_decode, backticks, semicolons, or references to variables other than the object being evaluated. On the host, alert when the web server's PHP process spawns a shell or writes files outside its normal directories, which is the usual post-exploitation footprint of `eval()`-based code execution. Network signatures alone are unlikely to catch this, because the payload is ordinary authenticated form traffic over HTTPS; detection belongs at the application and host layers.
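The following PHP is an added example, not Dolibarr's code. It places the unsafe `eval()` pattern described under Technical Analysis next to an allow-list validator that only admits arithmetic over numeric literals and `$object` properties (plus a few pure math functions), and reuses that validator as the audit described above over a constructed set of extrafield rows. The `llx_extrafields` column names (`elementtype`, `name`, `fieldcomputed`), the `$object->total_ht` property and all sample expressions are assumptions made for the example; check them against your schema and object model.

```php
<?php
// Added example (not Dolibarr code): unsafe eval() pattern, an allow-list
// validator for "computed value" expressions, and an audit of stored rows.
declare(strict_types=1);

// Unsafe pattern: the admin-supplied expression is handed to eval() as-is,
// so any PHP an administrator types runs as the web server user.
function computeUnsafe(object $object, string $expr)
{
    return eval('return ' . $expr . ';');   // vulnerable: do not use
}

// Allow-list validator: numeric literals, + - * / ( ) , properties of
// $object (no method calls), and a few pure math functions. Nothing else.
function isSafeComputedExpression(string $expr): bool
{
    $allowedFunctions = ['round', 'abs', 'min', 'max', 'floor', 'ceil'];
    $allowedChars     = ['+', '-', '*', '/', '(', ')', ','];
    $prevId          = null;   // id or text of previous non-whitespace token
    $prevWasProperty = false;  // previous token was a property name after "->"

    foreach (token_get_all('<?php ' . $expr) as $tok) {
        if (is_string($tok)) {                       // single-character token
            if (!in_array($tok, $allowedChars, true)) {
                return false;                        // ';' '=' '[' '"' '`' '{' ...
            }
            if ($tok === '(' && $prevWasProperty) {
                return false;                        // $object->db->query(...) is a method call
            }
            $prevId = $tok;
            $prevWasProperty = false;
            continue;
        }
        [$id, $text] = $tok;
        if ($id === T_WHITESPACE) {
            continue;
        }
        $isProperty = false;
        switch ($id) {
            case T_OPEN_TAG:                         // from the '<?php ' prefix above
            case T_LNUMBER:
            case T_DNUMBER:
            case T_OBJECT_OPERATOR:
                break;
            case T_VARIABLE:
                if ($text !== '$object') {
                    return false;                    // no other variables, no $_GET, no $GLOBALS
                }
                break;
            case T_STRING:
                if ($prevId === T_OBJECT_OPERATOR) {
                    $isProperty = true;              // $object->total_ht
                } elseif (!in_array(strtolower($text), $allowedFunctions, true)) {
                    return false;                    // system, exec, file_put_contents, ...
                }
                break;
            default:
                return false;                        // string literals, casts, '::', new, function, ...
        }
        $prevId = $id;
        $prevWasProperty = $isProperty;
    }
    return true;
}

// Hardened evaluation: still eval(), but only over a validated arithmetic expression.
function computeSafe(object $object, string $expr): float
{
    if (!isSafeComputedExpression($expr)) {
        throw new InvalidArgumentException("computed expression rejected: $expr");
    }
    return (float) eval('return ' . $expr . ';');
}

// Audit stored definitions: returns the expressions that fall outside the allow-list.
function auditComputedFields(array $rows): array
{
    $flagged = [];
    foreach ($rows as $row) {
        $expr = trim((string) ($row['fieldcomputed'] ?? ''));
        if ($expr !== '' && !isSafeComputedExpression($expr)) {
            $flagged[] = "{$row['elementtype']}.{$row['name']}: $expr";
        }
    }
    return $flagged;
}

// Constructed sample rows in the shape of llx_extrafields (column names assumed).
$rows = [
    ['elementtype' => 'user', 'name' => 'bonus',  'fieldcomputed' => 'round($object->total_ht * 0.05, 2)'],
    ['elementtype' => 'user', 'name' => 'probe',  'fieldcomputed' => '$object->db->query("SELECT 1")'],
    ['elementtype' => 'user', 'name' => 'cmd',    'fieldcomputed' => 'exec("id")'],
    ['elementtype' => 'user', 'name' => 'param',  'fieldcomputed' => '$object->total_ht + $_GET["x"]'],
];
$object = new stdClass();
$object->total_ht = 1000.0;                          // assumed sample property
echo computeSafe($object, $rows[0]['fieldcomputed']), PHP_EOL;   // 50
foreach (auditComputedFields($rows) as $line) {
    echo 'REVIEW: ', $line, PHP_EOL;                 // probe, cmd and param are flagged
}
```

To audit a live instance, pull the rows with `SELECT elementtype, name, fieldcomputed FROM llx_extrafields WHERE fieldcomputed <> ''` (column names assumed as above) and feed them to `auditComputedFields()`. A flagged row is not proof of compromise, but it is outside what a computed field should need and deserves a manual look. If legitimate expressions in your deployment index into arrays, extend the allow-list for `[`, `]` and plain string literals, and reject a `(` that follows a string literal so that a literal can never be used as a callable.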

AppSecure Threat Intelligence Insight

The long-term significance of CVE-2025-67486 is that a configuration feature in a widely used ERP/CRM system quietly carried `eval()` behind it, turning "trusted administrator input" into server code execution. Admin-only bugs of this kind are easy to deprioritize, yet they are exactly what an attacker with a phished or reused admin password needs to move from the application to the host. Product teams should treat any expression language exposed to users as untrusted input and evaluate it through an allow-list or a purpose-built evaluator rather than the language runtime; security teams should keep an inventory of such features in their business applications and test them during regular assessments.

For more information on penetration testing methodologies, organizations can refer to our detailed guide on penetration testing methodology and strategies to enhance their security posture.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
