Known exploited
SugarCRM
CVE published 2023-02-02
CVE-2023-22952
CVE-2023-22952 affects multiple SugarCRM products and is cataloged by CISA as a Known Exploited Vulnerability. Treat it as a high-priority remediation item, especially for internet-facing or broadly reachable SugarCRM deployments. CISA’s KEV entry sets a remediation due date of 2023-02-23 and points to the vendor’s security guidance for updates.