{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2018-25135", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "state": "PUBLISHED", "assignerShortName": "VulnCheck", "dateReserved": "2025-12-24T14:28:02.433Z", "datePublished": "2025-12-24T19:27:45.375Z", "dateUpdated": "2025-12-24T20:26:41.287Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2025-12-24T19:27:45.375Z"}, "datePublic": "2018-11-01T00:00:00.000Z", "title": "Anviz AIM CrossChex Standard 4.3.6.0 CSV Injection via User Import", "descriptions": [{"lang": "en", "value": "Anviz AIM CrossChex Standard 4.3.6.0 contains a CSV injection vulnerability that allows attackers to execute commands by inserting malicious formulas in user import fields. Attackers can craft payloads in fields like 'Name', 'Gender', or 'Position' to trigger Excel macro execution when importing user data."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Improper Neutralization of Quoting Syntax", "cweId": "CWE-149", "type": "CWE"}]}], "affected": [{"vendor": "Anviz Biometric Technology Co., Ltd.", "product": "Anviz AIM CrossChex Standard", "versions": [{"version": "4.3", "status": "affected"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 9.3, "baseSeverity": "CRITICAL", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS"}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS"}], "references": [{"url": "https://www.exploit-db.com/exploits/45765", "name": "ExploitDB-45765", "tags": ["exploit"]}, {"url": "https://www.anviz.com", "name": "Anviz Biometric Technology Product Homepage", "tags": ["product"]}, {"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5498.php", "name": "Zero Science Lab Disclosure (ZSL-2018-5498)", "tags": ["third-party-advisory"]}], "credits": [{"lang": "en", "value": "LiquidWorm as Gjoko Krstic of Zero Science Lab", "type": "finder"}], "x_generator": {"engine": "vulncheck"}}, "adp": [{"references": [{"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5498.php", "tags": ["exploit"]}, {"url": "https://www.exploit-db.com/exploits/45765", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-12-24T20:13:27.766153Z", "id": "CVE-2018-25135", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-12-24T20:26:41.287Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2018-25135", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-12-24T20:13:27.766153Z"}}}], "references": [{"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5498.php", "tags": ["exploit"]}, {"url": "https://www.exploit-db.com/exploits/45765", "tags": ["exploit"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-12-24T20:13:31.321Z"}}], "cna": {"title": "Anviz AIM CrossChex Standard 4.3.6.0 CSV Injection via User Import", "credits": [{"lang": "en", "type": "finder", "value": "LiquidWorm as Gjoko Krstic of Zero Science Lab"}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 9.3, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "Anviz Biometric Technology Co., Ltd.", "product": "Anviz AIM CrossChex Standard", "versions": [{"status": "affected", "version": "4.3"}]}], "datePublic": "2018-11-01T00:00:00.000Z", "references": [{"url": "https://www.exploit-db.com/exploits/45765", "name": "ExploitDB-45765", "tags": ["exploit"]}, {"url": "https://www.anviz.com", "name": "Anviz Biometric Technology Product Homepage", "tags": ["product"]}, {"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5498.php", "name": "Zero Science Lab Disclosure (ZSL-2018-5498)", "tags": ["third-party-advisory"]}], "x_generator": {"engine": "vulncheck"}, "descriptions": [{"lang": "en", "value": "Anviz AIM CrossChex Standard 4.3.6.0 contains a CSV injection vulnerability that allows attackers to execute commands by inserting malicious formulas in user import fields. Attackers can craft payloads in fields like 'Name', 'Gender', or 'Position' to trigger Excel macro execution when importing user data."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-149", "description": "Improper Neutralization of Quoting Syntax"}]}], "providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2025-12-24T19:27:45.375Z"}}}, "cveMetadata": {"cveId": "CVE-2018-25135", "state": "PUBLISHED", "dateUpdated": "2025-12-24T20:26:41.287Z", "dateReserved": "2025-12-24T14:28:02.433Z", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "datePublished": "2025-12-24T19:27:45.375Z", "assignerShortName": "VulnCheck"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Anviz AIM CrossChex Standard 4.3.6.0 contains a CSV injection vulnerability that allows attackers to execute commands by inserting malicious formulas in user import fields. Attackers can craft payloads in fields like 'Name', 'Gender', or 'Position' to trigger Excel macro execution when importing user data."}], "id": "CVE-2018-25135", "lastModified": "2025-12-24T21:15:58.957", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "disclosure@vulncheck.com", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 9.3, "baseSeverity": "CRITICAL", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "disclosure@vulncheck.com", "type": "Secondary"}]}, "published": "2025-12-24T20:15:47.353", "references": [{"source": "disclosure@vulncheck.com", "url": "https://www.anviz.com"}, {"source": "disclosure@vulncheck.com", "url": "https://www.exploit-db.com/exploits/45765"}, {"source": "disclosure@vulncheck.com", "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5498.php"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "url": "https://www.exploit-db.com/exploits/45765"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5498.php"}], "sourceIdentifier": "disclosure@vulncheck.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-149"}], "source": "disclosure@vulncheck.com", "type": "Secondary"}]}

{}

{}