CVE-2025-56588 – Dolibarr ERP & CRM version 21.0.1 contains a re... (How to Fix)

Q: What is the severity of CVE-2025-56588?

CVE-2025-56588 has a CVSS score of 8.8 (HIGH). Dolibarr ERP & CRM version 21.0.1 contains a remote code execution vulnerability in the User module configuration via the computed field parameter. This allows attackers to execute arbitrary code on affected systems. Organizations using Dolibarr v21.0.1 are affected.

📋 TL;DR

Dolibarr ERP & CRM version 21.0.1 contains a remote code execution vulnerability in the User module configuration via the computed field parameter. This allows attackers to execute arbitrary code on affected systems. Organizations using Dolibarr v21.0.1 are affected.

💻 Affected Systems

Products:

Dolibarr ERP & CRM

Versions: 21.0.1

Operating Systems: All platforms running Dolibarr

Default Config Vulnerable: ⚠️ Yes

Notes: Only affects the User module configuration with computed field parameter functionality.

📦 What is this software?

Dolibarr Erp\/crm by Dolibarr

View all CVEs affecting Dolibarr Erp\/crm →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise allowing attackers to execute arbitrary commands, steal sensitive data, install malware, or pivot to other systems.

🟠

Likely Case

Attackers gain unauthorized access to the Dolibarr system, potentially accessing business data, financial information, or customer records.

🟢

If Mitigated

Limited impact if proper network segmentation, least privilege access, and monitoring are in place.

🌐 Internet-Facing: HIGH

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ✅ No

Complexity: LOW

Research indicates exploitation details are publicly available via GitHub repository.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Dolibarr official releases for version >21.0.1

Vendor Advisory: http://dolibarr.com

Restart Required: No

Instructions:

1. Backup your Dolibarr installation and database. 2. Download the latest patched version from Dolibarr official website. 3. Replace affected files with patched versions. 4. Verify functionality.

🔧 Temporary Workarounds

Disable User Module

all

Temporarily disable the User module to prevent exploitation.

Navigate to Dolibarr admin panel > Modules/Applications > Disable 'User' module

Restrict Access

all

Limit access to Dolibarr administration interface to trusted IP addresses only.

Add firewall rules to restrict access to Dolibarr web port (typically 80/443) from authorized IPs only

🧯 If You Can't Patch

Implement strict network segmentation to isolate Dolibarr from critical systems
Enable detailed logging and monitoring for suspicious activities in Dolibarr

🔍 How to Verify

Check if Vulnerable:

Check Dolibarr version in admin panel or via 'cat dolibarr_version.txt' in installation directory.

Check Version:

cat /path/to/dolibarr/dolibarr_version.txt

Verify Fix Applied:

Verify version is updated beyond 21.0.1 and test User module computed field functionality.

📡 Detection & Monitoring

Log Indicators:

Unusual POST requests to User module configuration endpoints
Suspicious system command execution in web server logs

Network Indicators:

Unexpected outbound connections from Dolibarr server
Anomalous traffic patterns to/from Dolibarr administration interface

SIEM Query:

source="dolibarr_logs" AND (uri="/user/configuration" OR uri CONTAINS "computed_field") AND status=200

📊 Metadata

CVE ID: CVE-2025-56588

CVSS v3 Score: 8.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE: CWE-94

EPSS Score: 0.32% exploit probability (54.2th percentile)

Published: October 1, 2025

Last Updated: October 22, 2025

🔗 References

http://dolibarr.com Not Applicable
https://github.com/PhDg1410/Research Patch,Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-56588, you might also want to check these: