Impact
The vulnerability originates in the SavedSearch filter processing of SuiteCRM. The core component unserializes user-controlled data read from the database column "saved_search.contents" without restricting the classes that may be instantiated. This flaw allows an authenticated administrator to execute arbitrary system commands on the host running the application, compromising the confidentiality and integrity of the server and the surrounding network environment. The weakness is classified as CWE-502 (Deserialization of Untrusted Data).
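The following is an added example, not SuiteCRM's code and not the fix shipped in 8.9.3: it shows the hardened way to read a stored filter from saved_search.contents in PHP, with `allowed_classes => false` so that no class can be instantiated during unserialize, plus an audit helper for flagging existing rows that already carry a serialized object. The function names and the assumption that the column holds a PHP-serialized filter array are hypothetical.

```php
<?php
// Added example (not SuiteCRM code): hardened handling of the stored
// saved_search.contents value. Assumes the column holds a PHP-serialized
// array of filter fields; function names are hypothetical.

declare(strict_types=1);

/**
 * Returns true if a serialized string contains an object token
 * (O:<len>:"Class" or C:<len>:"Class"). A filter array should never
 * contain one, so this is a conservative audit check for existing rows
 * before and after upgrading. A string value that happens to contain
 * such text is flagged as well, which is acceptable for an audit.
 */
function containsSerializedObject(string $serialized): bool
{
    return (bool) preg_match('/(?:^|[;{])[OC]:\d+:"/', $serialized);
}

/**
 * Deserializes stored filter contents without allowing any class to be
 * instantiated. With allowed_classes => false, PHP maps every object to
 * __PHP_Incomplete_Class instead of invoking the class's magic methods,
 * which closes the CWE-502 gadget path. Anything that is not a plain
 * array is rejected, and malformed input (unserialize returns false) too.
 */
function decodeSavedSearchContents(string $serialized): array
{
    if (containsSerializedObject($serialized)) {
        throw new UnexpectedValueException('saved_search.contents holds an object');
    }
    $value = @unserialize($serialized, ['allowed_classes' => false]);
    if (!is_array($value)) {
        throw new UnexpectedValueException('saved_search.contents is not a filter array');
    }
    return $value;
}

// Constructed sample rows: a legitimate filter array and one carrying an object.
$legit   = serialize(['name_advanced' => 'acme', 'status_advanced' => ['Active']]);
$tainted = 'a:1:{i:0;O:8:"stdClass":0:{}}';

var_dump(containsSerializedObject($legit));
var_dump(containsSerializedObject($tainted));
print_r(decodeSavedSearchContents($legit));
// The vulnerable pattern, for contrast, is a bare unserialize($row['contents'])
// with no allowed_classes restriction.
```

Running the audit query side (e.g. selecting every contents value and passing it through containsSerializedObject) gives a quick inventory of rows worth inspecting on a deployment that ran a vulnerable release.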
Affected Systems
SuiteCRM Core versions 8.9.2 and earlier are affected. The patch that resolves the issue is included in version 8.9.3. Users must verify the exact version of their deployment against the affected range and apply the update if they are running a vulnerable release.
Risk and Exploitability
The CVSS base score is 8.6, indicating a high impact if exploited. The estimated probability of exploitation is very low, with an EPSS score below 1 %. The vulnerability is not listed in CISA's Known Exploited Vulnerabilities (KEV) catalog. Based on the description, the likely attack vector is an authenticated administrator who can upload or manipulate saved search data; because administrative privileges are required to execute commands, the attack is largely limited to insiders, but it remains dangerous because of the full system impact.
OpenCVE Enrichment