CVE-2025-8808
BaseFortify
Publication date: 2025-08-10
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| xujeff | tianti | 2.3 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-74 | The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component. |
| CWE-1236 | The product saves user-provided information into a Comma-Separated Value (CSV) file, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as a command when the file is opened by a spreadsheet product. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-8808 is a CSV injection vulnerability in the Tianti software version 2.3. It occurs because the exportOrder function exports user data to CSV files without validating or sanitizing user input. This allows a low-privilege attacker to inject malicious spreadsheet formulas or commands into CSV fields. When an administrator or user opens the exported CSV file in spreadsheet applications like Microsoft Excel, these malicious formulas can execute arbitrary commands on their machine, potentially leading to remote code execution. [1, 2, 3]
How can this vulnerability impact me? :
This vulnerability can impact you by allowing an attacker with low privileges to inject malicious formulas into CSV files that you export from the system. When you open these CSV files in spreadsheet software, the malicious formulas can execute arbitrary commands on your computer. This can lead to unauthorized actions, such as running harmful scripts or commands, potentially compromising your system's integrity and security. [1, 2, 3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by inspecting CSV export files generated by the Tianti system for the presence of malicious spreadsheet formulas starting with characters such as '=', '+', '-', or '@' in user data fields like usernames. Additionally, monitoring HTTP POST requests to the /tianti-module-admin/user/ajax/save endpoint for suspicious input containing formula-like payloads can help detect exploitation attempts. For example, you can search exported CSV files for lines containing these special characters at the start of fields. A simple command to detect such payloads in exported CSV files could be: grep -E '^(=|\+|\-|@)' exported_users.csv. Network monitoring tools can also be configured to alert on POST requests containing suspicious payloads targeting the vulnerable endpoint. [3]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include avoiding opening exported CSV files from the Tianti system in spreadsheet applications that automatically execute formulas, such as Microsoft Excel. Instead, open them in text editors or spreadsheet software with formula execution disabled. Since no patches or vendor responses are available, consider sanitizing or neutralizing special characters in user input fields before export to prevent formula injection. Alternatively, consider using different software products that do not have this vulnerability. Restricting user privileges to prevent low-privilege users from injecting malicious data and monitoring for suspicious activity on the export endpoint are also recommended. [2, 3]