HIGHVulnerability
Verified
Global

NVD HIGH: CVE-2025-67486 — Dolibarr is an enterprise resource planning (ERP) and customer relationship mana...

·Source: NIST NVD

Updated:

Executive Summary

Dolibarr is an enterprise resource planning (ERP) and customer relationship management (CRM) software package. Versions 22.0.2 and earlier contains an authenticated remote code execution vulnerability in the user extrafields functionality. User-controlled input from the "computed value" field is passed to PHP's `eval()` function without adequate sanitization, allowing authenticated administrators

Analysis

Dolibarr is an enterprise resource planning (ERP) and customer relationship management (CRM) software package. Versions 22.0.2 and earlier contains an authenticated remote code execution vulnerability in the user extrafields functionality. User-controlled input from the "computed value" field is passed to PHP's `eval()` function without adequate sanitization, allowing authenticated administrators to execute arbitrary PHP code on the server. As of time of publication, no patched versions are available. CVSS Score: 7.2. Published: 2026-05-08T15:16:35.043.

Indicators of Compromise (1)

CVE (1)
CVE-2025-67486
NVDMITRE CVE
Source Attribution

Originally published by NIST NVD on May 8, 2026. Verified by: NIST.