CyberSec.Space Logo
Back to CVE Browser

CVE-2018-25135

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0420%
EPSS Percentile10.95th
PublishedDec 24, 2025
Last ModifiedApr 15, 2026

Vulnerability Description

Anviz AIM CrossChex Standard 4.3.6.0 contains a CSV injection vulnerability that allows attackers to execute commands by inserting malicious formulas in user import fields. Attackers can craft payloads in fields like 'Name', 'Gender', or 'Position' to trigger Excel macro execution when importing user data.

Affected Platforms (CPE)

No CPE configurations currently published for this record.

References & Advisories

πŸ”— https://www.anviz.com
πŸ”— https://www.exploit-db.com/exploits/45765
πŸ”— https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5498.php
πŸ”— https://www.exploit-db.com/exploits/45765
πŸ”— https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5498.php

Related Vulnerabilities

CVE-2018-377410.0

Incorrect parsing in url-parse <1.4.3 returns wrong hostname which leads to multiple vulnerabilities such as SSRF, Open Redirect, ...

CVE-2018-666710.0

Authentication Bypass vulnerability in the administrative user interface in McAfee Web Gateway 7.8.1.0 through 7.8.1.5 allows remo...

CVE-2018-487210.0

An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006...

CVE-2018-100064410.0

Eclipse RDF4j version < 2.4.0 Milestone 2 contains a XML External Entity (XXE) vulnerability in RDF4j XML parser parsing RDF files...