CVE-2025-50572

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-50572
Archer 6.11.00204.10014 allows attackers to execute arbitrary code via crafted system inputs that would be exported into the CSV and be executed after the user opened the file with compatible applications. NOTE: the Supplier does not accept this as a valid vulnerability report against their product.

8.8 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
http://archer.com
http://rsa.com
https://github.com/shorooq-hummdi/Archer-csv-injection-command-exec/blob/main/README.md
https://www.archerirm.community/s/blogs/formula-injection-into-csv-files-vulnerability-in-rsa-archer-6-1-x-and-higher-MCOCQFO3WCQBCCHMKNC74JGSFWQY
Configurations

No configuration.

History

12 Jan 2026, 09:15

Type Values Removed Values Added
Summary (en) An issue was discovered in Archer Technology RSA Archer 6.11.00204.10014 allowing attackers to execute arbitrary code via crafted system inputs that would be exported into the CSV and be executed after the user opened the file with compatible applications. (en) Archer 6.11.00204.10014 allows attackers to execute arbitrary code via crafted system inputs that would be exported into the CSV and be executed after the user opened the file with compatible applications. NOTE: the Supplier does not accept this as a valid vulnerability report against their product.
References
  • () https://www.archerirm.community/s/blogs/formula-injection-into-csv-files-vulnerability-in-rsa-archer-6-1-x-and-higher-MCOCQFO3WCQBCCHMKNC74JGSFWQY -

04 Aug 2025, 15:06

Type Values Removed Values Added
Summary
  • (es) Se descubrió un problema en Archer Technology RSA Archer 6.11.00204.10014 que permitía a los atacantes ejecutar código arbitrario a través de entradas de sistema manipuladas que se exportarían al CSV y se ejecutarían después de que el usuario abriera el archivo con aplicaciones compatibles.

31 Jul 2025, 20:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-07-31 20:15

Updated : 2026-01-12 09:15

NVD link : CVE-2025-50572

Mitre link : CVE-2025-50572

CVE.ORG link : CVE-2025-50572

JSON object : View

Products Affected

No product.

CWE
CWE-1236

Improper Neutralization of Formula Elements in a CSV File