CVE-2025-50572
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-07-31
Last updated on: 2025-08-04
Assigner: MITRE
Description
Description
An issue was discovered in Archer Technology RSA Archer 6.11.00204.10014 allowing attackers to execute arbitrary code via crafted system inputs that would be exported into the CSV and be executed after the user opened the file with compatible applications.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| archer_technology | rsa_archer | 6.11.00204.10014 |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-1236 | The product saves user-provided information into a Comma-Separated Value (CSV) file, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as a command when the file is opened by a spreadsheet product. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in Archer Technology RSA Archer 6.11.00204.10014 allows attackers to execute arbitrary code by crafting system inputs that are exported into a CSV file. When a user opens this CSV file with compatible applications, the malicious code is executed.
How can this vulnerability impact me? :
The vulnerability can lead to remote code execution, allowing attackers to gain control over the affected system, potentially leading to data theft, system compromise, or disruption of services.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70