CVE-2025-50572

High CVSS: 8.8

Archer 6.11.00204.10014 allows attackers to execute arbitrary code via crafted system inputs that would be exported into the CSV and be executed after the user opened the file with compatible applications. NOTE: the Supplier does not accept this as a valid vulnerability report against their product.

Vendor

Product

CWE

CWE-1236

Yayın Tarihi

2025-07-31 20:15:43

Güncelleme

2026-01-12 09:15:52

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-1236 HIGH 2025

Referanslar

http://archer.com http://rsa.com https://github.com/shorooq-hummdi/Archer-csv-injection-command-exec/blob/main/README.md https://www.archerirm.community/s/blogs/formula-injection-into-csv-files-vulnerability-in-rsa-archer-6-1-x-and-higher-MCOCQFO3WCQBCCHMKNC74JGSFWQY