CVE-2025-66834

High CVSS: 7.3

A CSV Formula Injection vulnerability in TrueConf Server v5.5.2.10813 allows a normal user to inject malicious spreadsheet formulas into exported chat logs via crafted Display Name.

Vendor

Trueconf

Product

Server

CWE

CWE-1236

Yayın Tarihi

2025-12-30 19:15:44

Güncelleme

2026-01-07 15:39:50

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-1236 Server HIGH Trueconf 2025

Referanslar

https://github.com/x00nullbit/CVE-References/blob/main/CVE-2025-66834/README.md https://trueconf.com https://github.com/x00nullbit/CVE-References/blob/main/CVE-2025-66834/README.md

Benzer Kayıtlar

High

CVE-2026-3502

TrueConf Client downloads application update code and applies it without performing verification. An attacker who is abl…

Medium

CVE-2025-66823

An HTML Injection vulnerability in TrueConf server 5.5.2.10813 in the conference description field allows an attacker to…

High

CVE-2025-66824

A Stored Cross-Site Scripting (XSS) vulnerability exists in the Meeting location field of the Create/Edit Conference fun…

High

CVE-2025-66835

TrueConf Client 8.5.2 is vulnerable to DLL hijacking via crafted wfapi.dll allowing local attackers to execute arbitrary…