CVE-2025-7061
BaseFortify

Publication date: 2025-07-04

Last updated on: 2026-04-29

Assigner: VulDB

Description
A vulnerability was found in Intelbras InControl up to 2.21.60.9. It has been declared as problematic. This vulnerability affects unknown code of the file /v1/operador/. The manipulation leads to csv injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Meta Information
Published: 2025-07-04
Last Modified: 2026-04-29
Generated: 2026-05-07
AI Q&A: 2025-07-04
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Associated CPE (1 shown)
Vendor: intelbras
Product: incontrol_web
Version / Range: from 2.21.60.0 (inclusive) to 2.21.60.9 (inclusive)
CWE ID and Description
CWE-1236: The product saves user-provided information into a Comma-Separated Value (CSV) file, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as a command when the file is opened by a spreadsheet product.
CWE-74: The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2025-7061 is a CSV injection vulnerability in Intelbras InControl up to version 2.21.60.9. It occurs because the application does not properly sanitize user input in the /v1/operador/ endpoint, allowing an authenticated attacker to inject malicious formulas into CSV exports. When these CSV files are opened in spreadsheet software, the injected formulas can execute, potentially leading to code execution or data manipulation. [1, 2]


How can this vulnerability impact me?

This vulnerability can impact you by allowing an attacker with authenticated access to inject malicious formulas into CSV files exported from the system. When these CSV files are opened in spreadsheet applications, the formulas can execute arbitrary code or manipulate data, potentially compromising data integrity or leading to further attacks. The attack can be initiated remotely but requires authentication. [1, 2]


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by checking if the Intelbras InControl system is running version 2.21.60.9 or earlier and by testing the /v1/operador/ endpoint for CSV injection. An authenticated user can attempt to inject a formula such as '=10*10' into fields like 'nome_completo' via a PUT request to /v1/operador/<id>. Then, export the CSV via the /v1/operador endpoint with parameters for CSV format and selected fields (nome_operador, username, groups) to see if the formula is executed when opened in spreadsheet software. Commands would involve using curl or similar tools to perform authenticated PUT requests and GET requests to these endpoints to verify injection and export behavior. [1]


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include restricting authenticated user access to the /v1/operador/ endpoint to trusted users only, avoiding opening exported CSV files from the system in spreadsheet software without sanitizing them first, and considering alternative products as no official vendor mitigations or patches have been provided. Monitoring for suspicious activity related to CSV exports and applying strict input validation or sanitization on user inputs before exporting to CSV can also help reduce risk. [2]
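The sanitization step recommended above, shown as an added defensive example in Python (this is not Intelbras code and not part of the original record): every cell written to a CSV export is neutralized so that a value beginning with a formula trigger such as =, +, - or @ is stored as literal text. The field names nome_operador, username and groups follow the export fields named on this page; the operator records are constructed sample data.

```python
import csv
import io

# Leading characters that spreadsheet software may interpret as the start
# of a formula (CWE-1236). Leading whitespace before them does not help.
FORMULA_TRIGGERS = ("=", "+", "-", "@")


def neutralize_cell(value) -> str:
    """Return cell text that a spreadsheet will treat as literal data.

    Embedded CR/LF/TAB are replaced with spaces so a value cannot break
    out of its cell or row; a cell whose first non-space character is a
    formula trigger gets a leading apostrophe, which spreadsheets treat
    as a text marker. Commas and quotes are left to the csv writer.
    """
    text = "" if value is None else str(value)
    text = text.replace("\r", " ").replace("\n", " ").replace("\t", " ")
    stripped = text.lstrip(" ")
    if stripped and stripped[0] in FORMULA_TRIGGERS:
        return "'" + text
    return text


def is_suspect_input(value) -> bool:
    """Input-validation check for the same condition, usable at write time
    (e.g. when an operator name is updated) to reject or log the value."""
    text = "" if value is None else str(value)
    stripped = text.lstrip(" \t\r\n")
    return bool(stripped) and stripped[0] in FORMULA_TRIGGERS


def export_operators_csv(rows, fields) -> str:
    """Serialise operator records to CSV with every cell neutralized."""
    buf = io.StringIO()
    writer = csv.writer(buf, quoting=csv.QUOTE_ALL, lineterminator="\n")
    writer.writerow(fields)
    for row in rows:
        writer.writerow(neutralize_cell(row.get(f)) for f in fields)
    return buf.getvalue()


# Constructed sample records (hypothetical operators, not real data).
SAMPLE_OPERATORS = [
    {"nome_operador": "Ana Souza", "username": "ana", "groups": "admin"},
    {"nome_operador": "=10*10", "username": "eve", "groups": "guest"},
    {"nome_operador": "  -2+3", "username": "bob", "groups": "guest"},
    {"nome_operador": 'O"Neil, Pat', "username": "pat", "groups": "ops"},
]
```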

