At SugarCRM, we take the security and protection of your systems and data seriously. Today, we are publicly announcing the availability of versions 14.0.3 and 25.1.2 to all customers. Sugar versions 14.0.3 and 25.1.2 contain fixes for critical security vulnerabilities. Following our investigations, we have no indication that the vulnerabilities have been exploited.
If your Sugar instance is hosted in Sugar's cloud environment, we have deployed a patch to your instance that includes important security fixes. No action is required on your part.
Though this deployment may not change the version you see in your Sugar instance, you can be assured that the necessary fixes have been applied to your current version, and your environment is fully patched and protected.
If you have any questions, please have one of your Sugar support-authorized contacts create a case or email support@sugarcrm.com. For more information on the Sugar Support process, please visit the Working With Sugar Support article.
Administrators are strongly encouraged to upgrade their Sugar instances to 14.0.3 or 25.1.2, as determined by their current version of Sugar, to prevent potential exploitation of these weaknesses. Please carefully review the following instructions and take the actions outlined below at the earliest opportunity.
| Current Version | Upgraded Version |
| --- | --- |
| 25.1.x | 25.1.2 |
| 14.0.x | 14.0.3 |
If you use Microsoft Exchange Online for outbound emails in Sugar, please review the [ACTION REQUIRED] Security Release 25.1.2 and 14.0.3 Microsoft Exchange Online Updates post in SugarClub prior to upgrading. Action is required to prevent any disruptions to your outbound emails after the upgrade.
Please visit the Download Manager to download the latest patch for your release, 25.1.2 or 14.0.3, to address these vulnerabilities. The Installation and Upgrade Guide, specific to your Sugar version and product, contains the appropriate guidance to apply these patches to your instance. Please review the Supported Platforms prior to installing or upgrading.
If further assistance is needed and you are on a supported version of Sugar, have one of your Sugar support-authorized contacts create a case or email support@sugarcrm.com. For more information on the Sugar Support process, please visit the Working With Sugar Support article.
If you would like to consider moving to SugarCloud, please visit the Upgrade Transition Program or download the SugarCloud Migration Guide to learn how SugarCRM can help you transition smoothly.