CVE-2025-56588: n/a

High
Tags: vulnerability, cve, cve-2025-56588
Published: Wed Oct 01 2025 (10/01/2025, 00:00:00 UTC)
Source: CVE Database V5

Description

Dolibarr ERP & CRM v21.0.1 was discovered to contain a remote code execution (RCE) vulnerability in the User module configuration via the computed field parameter.

AI-Powered Analysis

Last updated: 10/01/2025, 19:54:32 UTC

Technical Analysis

CVE-2025-56588 is a remote code execution (RCE) vulnerability in Dolibarr ERP & CRM version 21.0.1. It lies in the User module configuration, specifically in the 'computed field' parameter. This parameter likely allows dynamic evaluation or execution of code or expressions, and insufficient validation or sanitization of that input can lead to arbitrary code execution on the server hosting the application. An attacker exploiting this flaw could execute malicious code remotely without authentication and potentially gain full control of the affected system. Because Dolibarr is an open-source ERP and CRM platform used by organizations to manage business processes such as accounting, sales, and customer relations, exploitation could compromise sensitive business data and disrupt critical operations. The CVE was reserved in August 2025 and published in October 2025; no CVSS score or patch information is available yet, and no exploits have been reported in the wild. The missing CVSS score indicates a newly disclosed vulnerability whose impact and exploitability still require further analysis, but RCE vulnerabilities of this kind represent a significant security risk.

Potential Impact

For European organizations using Dolibarr ERP & CRM, this vulnerability poses a serious threat to the confidentiality, integrity, and availability of business-critical systems. Successful exploitation could allow attackers to execute arbitrary commands, leading to data theft, unauthorized data modification, or complete system takeover. The consequences include financial losses, reputational damage, regulatory non-compliance (for example, GDPR violations following a data breach), and operational disruption. In an ERP/CRM context, sensitive customer data, financial records, and internal communications could be exposed or manipulated. Attackers could also use a compromised system as a foothold for lateral movement within the corporate network, widening the scope of the breach. The absence of known exploits in the wild currently provides a window for proactive mitigation, but the risk remains high because RCE vulnerabilities in web applications are typically easy to exploit.

Mitigation Recommendations

Organizations should immediately audit their Dolibarr ERP & CRM installations to determine whether version 21.0.1 is in use. Since no official patch or update is currently available, temporary mitigations include disabling or restricting access to the User module's computed field functionality, especially from untrusted networks. Strict input validation and sanitization at the application or web server level can reduce the chance of successful exploitation. Network-level protections such as web application firewalls (WAFs) should be configured to detect and block suspicious payloads targeting the computed field parameter. Monitoring application logs for unusual activity related to User module configuration changes is critical for early detection. Organizations should also subscribe to Dolibarr security advisories for timely patch releases and plan to apply updates immediately once they are available. Isolating the ERP/CRM system within a segmented network zone and enforcing strong access controls can further limit the impact of a successful exploit.


Technical Details

Data Version: 5.1
Assigner Short Name: mitre
Date Reserved: 2025-08-17T00:00:00.000Z
CVSS Version: null
State: PUBLISHED

Threat ID: 68dd86de2801a4fa284df5db

Added to database: 10/1/2025, 7:54:06 PM

Last enriched: 10/1/2025, 7:54:32 PM

Last updated: 10/3/2025, 12:10:35 AM
