SuiteCRM 8.9.1
10 November 2025
SuiteCRM version 8.9.1 is now available (security release).
Upgrading to SuiteCRM 8.9.1
SuiteCRM 8.9.1 can be upgraded to (or installed) using any of Installatron's products. Use Installatron's optional Automatic Update feature to automatically apply SuiteCRM updates as new versions are released, or use Installatron's Clone feature to duplicate an existing SuiteCRM install to test the 8.9.1 upgrade prior to applying it live. Get started managing your SuiteCRM installations with Installatron
What's New in SuiteCRM 8.9.1
Security
- CVE-2025-64488 SQL Injection Vulnerability | Reporter: allannjuguna
- CVE-2025-64489 Privilege Escalation Vulnerability | Reporter: prakhar0x01
- CVE-2025-64490 Improper Access Control | Reporter: prakhar0x01
- CVE-2025-64491 XSS Vulnerability | Reporter: Nicolas Decayeux (Patrowl)
- CVE-2025-64492 SQL Injection Vulnerability | Reporter: Robert Torosyan
- CVE-2025-64493 SQL Injection Vulnerability | Reporter: Paul (dibits.de)
Bug Fixes
- #728 Fix attachment alignment on Mobile
- #727 Fix New Users not shown wizard
- #720 error when executing the scheduler with a campaign to be triggered
- #600 untranslated messages in timeline and charts
- #724 Non admins unable to see filter save button
- #735 Update Schedulers Listview to Suite 8 view
- #736 Fix https redirect proxy issue
- #729 Bulk Delete failing
- #743 Fix selection on listview
- #744 Fix email line action showing incorrectly on some modules
- #745 Add support for confirmation modals on async validation
- #709 Fix issue with space characters being deleted
- #754 Add default order by on listview
- #750 Fix Relate Field issues on filter
- #739 Add Trackers Enabled Retrieve Api Mapper
- #758 Fix User preferences being reset on security group update
- #761 Update async validator data
- #652 datetime formatting on dst, Add Meridian to Popup Datetime
- #746 Remove failed two factor label after successful code
- #741 Hardcoded labels in the Email Marketing Diagnostics / Charts
- #719 Allowed cron user won’t be automatically generated for config.php during 8.9 installation
- #751 When adding a role (with restricted permissions) to a user, no modules are visible anymore
- #755 field actions not showing correctly
- #768 Fix Campaign Chart counter not showing correct clicks and opt out.
- #645 Fix variable name typo in NavbarHandler.php
- #560 removed equality check between fieldKey and name in return condition of addFieldDepedency() to allow addition of the field itself as a dependency
- #722 File attachment display should wrap into multiple lines
- #772 campaign trackers admin config on fresh install
- #771 Use date component in datetime filter mode
- #748 Replace return 0 with Symfony Command Constants
- #773 Fix attachment re-upload
- #778 Fix incorrect label on Campaign Charts
- #777 Fix Sidebar Widget Rendering
- #776 Fix issue of email compose not showing correctly
- #781 Fix intermittent with save button not appearing
- #779 Fix issue with date due in tasks not displaying
- #785 Fix attachment popover showing incorrectly on resize
- #786 Fix composite fields display on filter
- #784 Update in_queue_date to use current DateTime format
- #10708 Converting Quote to Invoice ignores field defaults
- #10713 Fix edit link (pencil) in Global Search
- #10714 Fix multienum fields in dashlet filters
- #10716 Fix Inline Edit for decimal fields
- #10725 Set Email Warning Notification to false
- #10570 Email Signature Compose View Issues
- #10726 Search Pagination and Module Filter
- #10732 Can’t list view inbound email inboxes after soft-deleting a user with an active email inbox
- #10736 Fix Workflow modify record date issue
- #10722 Set date_entered after save update
- #10724 Email Subject not importing correctly