CVE-2018-25135
Unknown Unknown - Not Provided
CSV Injection in Anviz AIM CrossChex 4.3.6.0 Enables Command Execution

Publication date: 2025-12-24

Last updated on: 2025-12-24

Assigner: VulnCheck

Description
Anviz AIM CrossChex Standard 4.3.6.0 contains a CSV injection vulnerability that allows attackers to execute commands by inserting malicious formulas in user import fields. Attackers can craft payloads in fields like 'Name', 'Gender', or 'Position' to trigger Excel macro execution when importing user data.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-24
Last Modified
2025-12-24
Generated
2026-06-16
AI Q&A
2025-12-24
EPSS Evaluated
2026-06-15
NVD
CVE-2018-25135
EUVD
EUVD-2025-205349
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
anviz aim_crosschex_standard 4.3.6.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-149 Quotes injected into a product can be used to compromise a system. As data are parsed, an injected/absent/duplicate/malformed use of quotes may cause the process to take unexpected actions.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a CSV injection (also known as Excel Macro Injection or Formula Injection) in Anviz AIM CrossChex Standard version 4.3.6.0. It occurs when importing or exporting user data via XLS Excel files. Attackers can insert malicious Excel formula payloads into user fields such as 'Name', 'Gender', or 'Position'. When the manipulated XLS file is imported, Microsoft Excel executes the embedded malicious macro formulas, allowing arbitrary command execution on the affected Windows system. [1, 3]

Impact Analysis

This vulnerability can lead to arbitrary command execution on the affected Windows system. An attacker can execute malicious commands by crafting payloads in user import fields, potentially compromising system security, executing unauthorized programs, or gaining control over the system where the application is running. [1, 3]

Detection Guidance

This vulnerability can be detected by inspecting imported or exported XLS Excel files for malicious formula payloads in user fields such as 'Name', 'Gender', 'Position', 'Phone', 'Birthday', 'Employ Date', or 'Address'. Specifically, look for Excel formulas starting with '=' that execute commands, for example, payloads like '=cmd|' /C mspaint'!L337'. There are no specific network commands provided, but manual or automated scanning of user import files for suspicious Excel formulas can help detect exploitation attempts. [1, 3]

Mitigation Strategies

Immediate mitigation steps include avoiding the import of untrusted XLS files containing user data, sanitizing or validating all user import fields to strip or neutralize Excel formulas, and applying updates or patches from the vendor if available. Additionally, restrict or monitor the execution of macros in Microsoft Excel on affected systems to prevent automatic execution of malicious payloads. [1, 3]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2018-25135. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart