Sage CRM 2025 R2: Implementation Improvements: Security updates and hardening measures

Sage CRM 2025 R2 introduces a series of important security improvements, infrastructure updates, and hardening measures designed to keep customer systems protected and up to date. These changes include both enhancements made directly within the Sage CRM product and updates to the third-party components that Sage CRM relies upon. For partners, administrators, and IT teams, this release offers a timely reminder of the importance of deploying Sage CRM securely, regularly updating environments, and ensuring all implementations are served exclusively over HTTPS.

This article summarises the key improvements in 2025 R2 and provides guidance on maintaining a hardened, secure Sage CRM deployment.

Security Fixes Delivered in Sage CRM 2025 R2

Several vulnerabilities and security gaps were addressed directly within Sage CRM. Customers upgrading to 2025 R2 immediately benefit from these hardening measures.

Prevention of executable script injection

Two significant issues have been fixed:

  • It was possible to insert an executable script via the API (CRMS-2021)

  • It was possible to inject an executable script via an Interactive Dashboard gadget template (CRMS-2146)

These fixes harden the platform against common injection attacks and reinforce the trust boundary between user input, dashboard components, and API endpoints.

Fixes to Exchange Online integration and OAuth 2.0 configuration

The modernisation of Exchange Online integration (Tasks, Contacts, and Appointments sync) relies on OAuth 2.0 and Microsoft Graph. Improvements in this area eliminate legacy dependencies and increase overall security by retiring older authentication flows. CRM now enforces correct re-entry and hashing of integration credentials after upgrades or configuration changes.

Deprecation of Classic Dashboards for Security Reasons

Classic Dashboards are now formally deprecated and are identified as a potential security risk if left active in customer environments. They will be removed entirely in Sage CRM 2026 R1.

Administrators should migrate users to the modern dashboard framework as soon as possible.

Recommendations for Implementing a Secure Sage CRM Environment

Always deploy Sage CRM over HTTPS

The installation prerequisites remind administrators to secure CRM deployments, especially when exposed beyond the corporate network. Sage explicitly recommends:

  • Enabling SSL

  • Using a VPN for external users

This is a minimum requirement. Modern deployments should use:

  • TLS 1.2 or TLS 1.3 exclusively

  • HSTS headers

  • Strict firewall rules
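
The TLS and HSTS items above can be checked from a client machine. The following is an added example, not Sage code: `audit` takes the protocol string returned by Python's `ssl.SSLSocket.version()` and the response headers from the CRM URL, and `legacy_tls_accepted` probes whether the server still completes a TLS 1.0/1.1 handshake. The function names and the one-year `max-age` floor are assumptions made for this example.

```python
import socket
import ssl

MIN_MAX_AGE = 31536000  # assumed baseline (one year); the article names no value

def parse_hsts(value):
    """Split a Strict-Transport-Security value into {directive: argument}."""
    out = {}
    for part in value.split(";"):
        name, _, arg = part.strip().partition("=")
        if name:
            out[name.strip().lower()] = arg.strip().strip('"')
    return out

def audit(negotiated, legacy_ok, headers):
    """Return findings for one host; an empty list means every check passed."""
    findings = []
    if negotiated not in ("TLSv1.2", "TLSv1.3"):
        findings.append(f"negotiated {negotiated}")
    if legacy_ok:
        findings.append("TLS 1.0/1.1 handshake accepted")
    elif legacy_ok is None:
        findings.append("legacy TLS not testable from this client")
    # Header names are case-insensitive, so normalise before the lookup.
    hsts = {k.lower(): v for k, v in headers.items()}.get("strict-transport-security")
    if hsts is None:
        findings.append("HSTS header missing")
    else:
        age = parse_hsts(hsts).get("max-age", "")
        if not age.isdigit() or int(age) < MIN_MAX_AGE:
            findings.append(f"HSTS max-age weak: {age!r}")
    return findings

def legacy_tls_accepted(host, port=443):
    """True if a TLS 1.0/1.1-only handshake succeeds, False if it fails
    (including connection errors), None if this client cannot offer them."""
    try:
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
        ctx.check_hostname, ctx.verify_mode = False, ssl.CERT_NONE  # protocol probe only
        ctx.set_ciphers("DEFAULT:@SECLEVEL=0")  # many OpenSSL builds block old TLS otherwise
        ctx.minimum_version = ssl.TLSVersion.TLSv1
        ctx.maximum_version = ssl.TLSVersion.TLSv1_1
    except (ssl.SSLError, ValueError):
        return None
    try:
        with socket.create_connection((host, port), timeout=5) as raw:
            with ctx.wrap_socket(raw, server_hostname=host):
                return True
    except OSError:
        return False
```

A `None` from `legacy_tls_accepted` means the local OpenSSL build cannot offer TLS 1.0/1.1, so exclusivity has to be confirmed with another client or from the server's own protocol settings.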

Keep the server environment updated

After upgrading CRM, administrators must also:

  • Update SQL Server if required

  • Re-enter and resave hashed passwords used in integrations

  • Ensure all security-related configuration steps are completed

Ignoring these can result in weakened authentication or integration failures.

Why Upgrading to Sage CRM 2025 R2 is Essential

Upgrading is not just about obtaining new features. It is a key part of maintaining a secure deployment:

  • You close vulnerabilities that have been fixed in the product

  • You replace outdated open-source components

  • You eliminate deprecated, insecure features

  • You modernise integrations and authentication flows

  • You ensure compatibility with updated SQL Server and browser platforms

Failing to upgrade increases operational risk over time.

Conclusion

Sage CRM 2025 R2 delivers meaningful improvements in platform security, stability, and resilience. Combined with updated third-party components and a stronger, modernised Microsoft Graph-based authentication model, this release arms customers with the tools they need for a secure, well-hardened CRM environment.

However, security does not end with an upgrade. It requires vigilant implementation practices, including enforcing HTTPS, maintaining up-to-date server environments, and removing deprecated components.

Customers and partners upgrading to 2025 R2 are strongly encouraged to review their deployment architecture, apply the recommended hardening steps, and ensure that Sage CRM remains a secure, modern, and trusted platform for managing business relationships.