
CVE-2025-1421: CWE-1236 Improper Neutralization of Formula Elements in a CSV File in Proget Proget

Low
Tags: Vulnerability, CVE-2025-1421, cve, cwe-1236
Published: Wed May 21 2025 (05/21/2025, 13:04:37 UTC)
Source: CVE
Vendor/Project: Proget
Product: Proget

Description

Data provided in a request made to the server while activating a new device is stored in a database. Other high-privileged users may download this data as a CSV file and compromise their PC by opening it in a tool such as Microsoft Excel. The attacker could gain remote access to the user's PC. This issue has been fixed in version 2.17.5 of Konsola Proget (the server part of the MDM suite).

AI-Powered Analysis

AI analysis last updated: 07/06/2025, 05:26:33 UTC

Technical Analysis

CVE-2025-1421 is a CWE-1236 issue (improper neutralization of formula elements in a CSV file) in Konsola Proget, the server component of Proget's MDM (Mobile Device Management) suite. Field values submitted in the device activation request are stored in the server database without neutralizing spreadsheet formula syntax. When a high-privileged user later exports that data as a CSV file and opens it in Microsoft Excel or a similar spreadsheet application, any field that begins with a formula trigger character (=, +, -, @, and in some importers a leading tab or carriage return) is evaluated instead of being shown as text. Depending on the client's configuration, such a formula can launch an external program through DDE, leak cell contents through a crafted hyperlink, or run other attacker-chosen logic on the user's workstation; this is the path to remote access that the advisory describes. Exploitation therefore needs two things: the attacker must be able to submit a device activation request with crafted field values, and a privileged user must download and open the resulting export. Current Excel builds disable DDE server launch by default and prompt before starting an external application, so whether a formula actually executes code also depends on the victim's client settings and on the victim accepting those prompts. The vulnerability is fixed in Konsola Proget 2.17.5. The CVSS 4.0 base score is 2.4 (Low), reflecting the privileges and user interaction required and the limited scope and impact on confidentiality, integrity and availability; the damage lands on the administrator's PC rather than on the MDM server itself. No exploits in the wild were reported as of the publication date.

Potential Impact

For European organizations running Proget's Konsola Proget MDM server, the risk falls on the high-privileged users who manage device activations and work with exported CSV data. A successful attack runs attacker-chosen logic on an administrator's workstation, which can expose administrative credentials and session material and give the attacker a foothold for lateral movement inside the network. The exposure is greatest where device management is centralized and a small set of administrators routinely exports and opens activation data. The low CVSS score and the need for user interaction limit the likelihood of broad exploitation, but the target is by definition a privileged user, so organizations in finance, healthcare, critical infrastructure and other sectors with strict regulatory requirements should treat the risk as sufficient to warrant prompt remediation against targeted attacks.

Mitigation Recommendations

1. Upgrade Konsola Proget to version 2.17.5 or later; the fix neutralizes formula elements in CSV exports.
2. Neutralize every user-controlled field at the point where it is written to a CSV export: fields beginning with =, +, -, @, tab or carriage return should be prefixed with a single quote (or otherwise forced to text) and the field quoted. Validate device activation input on the way in as well, but do not rely on input validation alone, because the export layer is the only place that knows the value will be interpreted by a spreadsheet.
3. Educate high-privileged users to treat CSV exports that contain device-supplied data as untrusted input and to avoid opening them in Excel without the client hardening below.
4. Harden spreadsheet clients: keep Protected View enabled for files from the Internet and network locations, and disable DDE server launch and DDE server lookup in Excel's Trust Center (External Content settings). Current Excel builds disable DDE launch by default; verify that group policy has not re-enabled it.
5. Use endpoint detection and response (EDR) tooling to alert on spreadsheet processes such as EXCEL.EXE spawning command interpreters (cmd.exe, powershell.exe) or other unexpected child processes.
6. Restrict access to the CSV export functionality to the personnel who need it and audit its use regularly.
7. Where the product supports it, prefer export formats that spreadsheets do not evaluate, such as plain text or JSON, for data that contains device-supplied fields.
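The neutralization in recommendation 2, and the formula trigger characters discussed in the technical analysis above, as an added example in Python. This is illustrative code written for this page, not Konsola Proget's code; the device activation records, the field names and the `=cmd|' /C calc'!A0` value (the well-known DDE form from the OWASP CSV injection cheat sheet) are constructed sample input. The same trigger test doubles as a scanner an administrator can run over a downloaded export before opening it in Excel.

```python
import csv
import io

# Leading characters that Excel, LibreOffice Calc and similar tools treat as
# the start of a formula (CWE-1236). Tab and CR are included because a field
# such as "\t=1+1" is still evaluated by some importers.
FORMULA_TRIGGERS = ("=", "+", "-", "@", "\t", "\r")


def _looks_numeric(s):
    """True for plain numbers such as "-2" or "+1.5", which a spreadsheet
    stores as a number rather than evaluating as a formula."""
    try:
        float(s)
    except ValueError:
        return False
    return True


def is_formula_cell(value):
    """True if a string field would be parsed as a formula by a spreadsheet.
    Non-string values (ints, floats from the database) are never formulas."""
    return (
        isinstance(value, str)
        and value.startswith(FORMULA_TRIGGERS)
        and not _looks_numeric(value)
    )


def neutralize_cell(value):
    """CWE-1236 fix for one field: prefix a single quote so the spreadsheet
    shows the content as literal text. Numbers and harmless strings pass
    through unchanged; the csv writer below takes care of quoting."""
    if is_formula_cell(value):
        return "'" + value
    return value


def export_csv(rows, fieldnames, neutralize=True):
    """Serialise rows (list of dicts) to CSV text.

    neutralize=False reproduces the vulnerable behaviour: attacker-supplied
    strings reach the file unchanged. QUOTE_ALL alone does not help, because
    Excel strips the quotes and then evaluates the field.
    """
    buf = io.StringIO()
    writer = csv.DictWriter(
        buf, fieldnames=fieldnames, quoting=csv.QUOTE_ALL, lineterminator="\n"
    )
    writer.writeheader()
    for row in rows:
        out = {k: (neutralize_cell(v) if neutralize else v) for k, v in row.items()}
        writer.writerow(out)
    return buf.getvalue()


def scan_csv(text):
    """Return (row, column) positions of fields that would be evaluated as
    formulas. Row 0 is the header. Run this over an export before opening it."""
    hits = []
    for r, row in enumerate(csv.reader(io.StringIO(text))):
        for c, field in enumerate(row):
            if is_formula_cell(field):
                hits.append((r, c))
    return hits


# Constructed sample: two device activation records. The first carries the
# OWASP DDE payload in the attacker-controlled device name; the second has a
# legitimate phone number starting with '+' and a negative integer count.
FIELDS = ["device_name", "owner", "failed_logins"]
ACTIVATION_ROWS = [
    {"device_name": "=cmd|' /C calc'!A0", "owner": "mallory", "failed_logins": -2},
    {"device_name": "Pixel 8", "owner": "+48 123 456 789", "failed_logins": 0},
]

if __name__ == "__main__":
    vulnerable = export_csv(ACTIVATION_ROWS, FIELDS, neutralize=False)
    fixed = export_csv(ACTIVATION_ROWS, FIELDS)
    print("formula cells in vulnerable export:", scan_csv(vulnerable))
    print("formula cells in fixed export:", scan_csv(fixed))
    print(fixed)
```

Two design points are worth noting. The integer -2 is written as-is because it is not a string, and the string "+48 123 456 789" does get an apostrophe even though it is a phone number; a spreadsheet would otherwise try to evaluate it, so the visible apostrophe is the accepted trade-off of this technique. The scanner is conservative in the same way and will flag such fields in an export that was not neutralized, which is exactly what an administrator wants to see before opening the file.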


Technical Details

Data Version: 5.1
Assigner Short Name: CERT-PL
Date Reserved: 2025-02-18T13:43:50.963Z
CISA Enriched: false
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 682dd047c4522896dcbfd720

Added to database: 5/21/2025, 1:08:23 PM

Last enriched: 7/6/2025, 5:26:33 AM

Last updated: 8/17/2025, 10:05:37 PM
