CVE-2020-37094

9.8 CRITICAL

📋 TL;DR

EspoCRM 5.8.5 contains an authentication bypass vulnerability that allows attackers to access other user accounts by manipulating authorization headers. Attackers can decode and modify Basic Authorization and Espo-Authorization tokens to gain unauthorized access to administrative user information and privileges. All organizations using EspoCRM 5.8.5 are affected.

💻 Affected Systems

Products:
  • EspoCRM
Versions: 5.8.5
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability exists in the default authentication mechanism of EspoCRM 5.8.5.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of the EspoCRM instance with administrative privileges, allowing data theft, system takeover, and lateral movement to connected systems.

🟠 Likely Case

Unauthorized access to sensitive business data, customer information, and potential privilege escalation to administrative accounts.

🟢 If Mitigated

Limited impact if proper network segmentation, monitoring, and authentication controls are in place to detect and block unauthorized access attempts.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit code is publicly available and requires minimal technical skill to execute.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 5.8.6 or later

Vendor Advisory: https://www.espocrm.com

Restart Required: No

Instructions:

1. Back up your EspoCRM instance and database.
2. Download the latest version from the official EspoCRM website.
3. Follow the EspoCRM upgrade documentation to apply the update.
4. Verify the update was successful by checking the version number.

🔧 Temporary Workarounds

Temporary Access Restriction (Linux)

Restrict network access to the EspoCRM instance while patching. As written, these rules block every client on ports 80 and 443, including the administrator applying the patch, so they belong after any ACCEPT rules for trusted management addresses in the INPUT chain and should be removed once the upgrade is verified.

iptables -A INPUT -p tcp --dport 80 -j DROP
iptables -A INPUT -p tcp --dport 443 -j DROP

🧯 If You Can't Patch

  • Implement network segmentation to isolate the EspoCRM instance from critical systems.
  • Enable detailed logging and monitoring for authentication attempts and privilege escalation activities.

🔍 How to Verify

Check if Vulnerable:

Check the EspoCRM version in the admin panel or by examining the application files. If the version is 5.8.5, the system is vulnerable.

Check Version:

Check the version in the EspoCRM admin interface under Settings > About.

Verify Fix Applied:

After updating, verify the version number shows 5.8.6 or later in the admin panel.

📡 Detection & Monitoring

Log Indicators:

  • Multiple failed authentication attempts followed by successful login from unusual IP addresses
  • Authentication logs showing successful logins with modified authorization headers

Network Indicators:

  • Unusual HTTP requests containing manipulated Authorization headers
  • Traffic patterns indicating privilege escalation attempts

SIEM Query:

source="espocrm.logs" AND (event="authentication_failure" OR event="privilege_escalation")
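The log indicators listed above can be checked mechanically. The following is an added example, not code from this advisory or from EspoCRM: it decodes the user part of Basic and Espo-Authorization header values from constructed, simplified log records and flags clients that show the listed patterns. The record layout and the assumption that both header values are base64 of user:secret are mine, not the page's.

```python
import base64
from collections import defaultdict

# Constructed sample records (not real EspoCRM log output; the field layout is an
# assumption): client IP, HTTP status, auth scheme, base64 header value.
def _b64(user: str, secret: str) -> str:
    return base64.b64encode(f"{user}:{secret}".encode()).decode()

SAMPLE_LOG = [
    f"203.0.113.7 401 Basic {_b64('admin', 'guess1')}",
    f"203.0.113.7 401 Basic {_b64('admin', 'guess2')}",
    f"203.0.113.7 200 Espo-Authorization {_b64('admin', 'token-x')}",
    f"203.0.113.7 200 Espo-Authorization {_b64('jane', 'token-y')}",
    f"198.51.100.9 200 Basic {_b64('bob', 'secret')}",
    "198.51.100.9 200 Espo-Authorization not-base64!!",
]

def username_from_header(value: str):
    """Decode a Basic / Espo-Authorization value; return its user part or None."""
    try:
        decoded = base64.b64decode(value, validate=True).decode("utf-8")
    except ValueError:  # covers binascii.Error and UnicodeDecodeError
        return None
    user, sep, _ = decoded.partition(":")
    return user if sep else None

def find_suspicious_clients(lines):
    """Per client IP, flag: several distinct usernames across its auth headers,
    failed logins followed by a success, or an undecodable auth header."""
    users, statuses, malformed = defaultdict(set), defaultdict(list), set()
    for line in lines:
        ip, status, _scheme, value = line.split(maxsplit=3)
        user = username_from_header(value)
        if user is None:
            malformed.add(ip)
        else:
            users[ip].add(user)
        statuses[ip].append(int(status))
    alerts = {}
    for ip, st in statuses.items():
        reasons = []
        if len(users[ip]) > 1:
            reasons.append("multiple usernames in auth headers")
        if 401 in st and 200 in st[st.index(401):]:
            reasons.append("failed logins followed by success")
        if ip in malformed:
            reasons.append("undecodable auth header")
        if reasons:
            alerts[ip] = reasons
    return alerts
```

A NAT gateway legitimately fronts many users, so treat the multiple-username signal as a starting point and tune it against known shared egress addresses.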
