CVE-2025-66834
Unknown
Unknown - Not Provided
CSV Formula Injection in TrueConf Server Chat Log Export
Publication date: 2025-12-30
Last updated on: 2025-12-30
Assigner: MITRE
Description
Description
A CSV Formula Injection vulnerability in TrueConf Server v5.5.2.10813 allows a normal user to inject malicious spreadsheet formulas into exported chat logs via crafted Display Name.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| trueconf | trueconf_server | 5.5.2.10813 |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a CSV Formula Injection in TrueConf Server v5.5.2.10813. It allows a normal user to inject malicious spreadsheet formulas into exported chat logs by crafting their Display Name in a way that includes harmful formulas. [1]
How can this vulnerability impact me? :
The vulnerability can lead to the execution of malicious spreadsheet formulas when exported chat logs are opened in spreadsheet software. This can result in unauthorized actions such as data manipulation, data leakage, or execution of harmful commands on the user's system. [1]
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70