CVE-2018-25135
CSV Injection in Anviz AIM CrossChex 4.3.6.0 Enables Command Execution
Publication date: 2025-12-24
Last updated on: 2025-12-24
Assigner: VulnCheck
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| anviz | aim_crosschex_standard | 4.3.6.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-149 | Quotes injected into a product can be used to compromise a system. As data are parsed, an injected/absent/duplicate/malformed use of quotes may cause the process to take unexpected actions. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a CSV injection (also known as Excel Macro Injection or Formula Injection) in Anviz AIM CrossChex Standard version 4.3.6.0. It occurs when importing or exporting user data via XLS Excel files. Attackers can insert malicious Excel formula payloads into user fields such as 'Name', 'Gender', or 'Position'. When the manipulated XLS file is imported, Microsoft Excel executes the embedded malicious macro formulas, allowing arbitrary command execution on the affected Windows system. [1, 3]
How can this vulnerability impact me?
This vulnerability can lead to arbitrary command execution on the affected Windows system. An attacker can execute malicious commands by crafting payloads in user import fields, potentially compromising system security, executing unauthorized programs, or gaining control over the system where the application is running. [1, 3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by inspecting imported or exported XLS Excel files for malicious formula payloads in user fields such as 'Name', 'Gender', 'Position', 'Phone', 'Birthday', 'Employ Date', or 'Address'. Specifically, look for cells beginning with '=' that invoke commands, for example a payload like `=cmd|' /C mspaint'!L337`. No specific network commands are provided for this issue, but manual or automated scanning of user import files for suspicious Excel formulas can help detect exploitation attempts. [1, 3]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include avoiding the import of untrusted XLS files containing user data, sanitizing or validating all user import fields to strip or neutralize Excel formulas, and applying updates or patches from the vendor if available. Additionally, restrict or monitor the execution of macros in Microsoft Excel on affected systems to prevent automatic execution of malicious payloads. [1, 3]
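The file scanning from the detection answer and the field sanitizing from the mitigation answer, as one added Python example that is not part of this record or of the vendor's product: it reads a constructed CSV export using the CrossChex field names, flags every cell a spreadsheet would evaluate as a formula, and neutralizes those cells with a leading apostrophe. The sample rows are constructed; the trigger-character list is the usual set for formula injection and is an assumption about what the importing application should reject.

```python
import csv
import io

# Leading characters that make Excel/LibreOffice evaluate a cell as a formula
# (assumed trigger set: '=' plus the '+', '-', '@', tab and CR variants).
FORMULA_TRIGGERS = ("=", "+", "-", "@", "\t", "\r")

# Constructed sample of a CrossChex-style user export; row 3 carries the
# DDE-style payload quoted in the advisory, row 4 a '-'-prefixed field.
SAMPLE_CSV = """Name,Gender,Position,Phone,Birthday,Employ Date,Address
Alice Example,F,Engineer,555-0100,1990-01-02,2015-03-04,1 Main St
=cmd|' /C mspaint'!L337,M,Clerk,555-0101,1991-05-06,2016-07-08,2 Side St
Bob Example,M,-Manager,555-0102,1992-09-10,2017-11-12,3 Other St
"""

def is_suspicious(value: str) -> bool:
    """True if the cell would be interpreted as a formula when opened in a spreadsheet."""
    # Leading whitespace does not stop evaluation, so strip it before checking.
    return value.lstrip().startswith(FORMULA_TRIGGERS)

def find_injections(text: str) -> list[tuple[int, str, str]]:
    """Return (row_number, field, value) for every formula-like cell; row 1 is the header."""
    hits = []
    reader = csv.DictReader(io.StringIO(text))
    for row_no, row in enumerate(reader, start=2):
        for field, value in row.items():
            if value is not None and is_suspicious(value):
                hits.append((row_no, field, value))
    return hits

def neutralize(value: str) -> str:
    """Prefix a formula-like cell with an apostrophe so the spreadsheet treats it as text."""
    return "'" + value if is_suspicious(value) else value

def sanitize_csv(text: str) -> str:
    """Rewrite the export with every user field neutralized; header and order are preserved."""
    reader = csv.DictReader(io.StringIO(text))
    out = io.StringIO()
    writer = csv.DictWriter(out, fieldnames=reader.fieldnames, lineterminator="\n")
    writer.writeheader()
    for row in reader:
        writer.writerow({field: neutralize(value) for field, value in row.items()})
    return out.getvalue()

if __name__ == "__main__":
    for row_no, field, value in find_injections(SAMPLE_CSV):
        print(f"row {row_no}, field {field!r}: {value!r}")
```

Running it on the sample reports the 'Name' cell in row 3 and the 'Position' cell in row 4, and the sanitized output produces no hits when scanned again.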