
CVE-2025-50572: n/a

Severity: High
Published: Thu Jul 31 2025 (07/31/2025, 00:00:00 UTC)
Source: CVE Database V5

Description

An issue was discovered in Archer Technology RSA Archer 6.11.00204.10014 allowing attackers to execute arbitrary code via crafted system inputs that would be exported into the CSV and be executed after the user opened the file with compatible applications.

AI-Powered Analysis

AI analysis last updated: 07/31/2025, 19:48:11 UTC

Technical Analysis

CVE-2025-50572 is a vulnerability identified in Archer Technology's RSA Archer platform version 6.11.00204.10014. The flaw allows an attacker to execute arbitrary code by injecting crafted system inputs that are subsequently exported into CSV files. When a user opens these maliciously crafted CSV files with compatible applications (such as spreadsheet software that supports formula execution), the embedded code can be executed, potentially compromising the user's system. This vulnerability leverages the common risk associated with CSV injection or formula injection attacks, where specially crafted input data is interpreted as executable formulas by spreadsheet applications like Microsoft Excel or LibreOffice Calc. The attack vector requires the attacker to influence or control input data that will be exported into CSV format and then opened by a user with a vulnerable application. The vulnerability does not require direct exploitation within the Archer platform itself but exploits the downstream handling of exported data. No CVSS score has been assigned yet, and no known exploits are reported in the wild at the time of publication. The affected version is specifically 6.11.00204.10014, with no other versions explicitly mentioned. The vulnerability was reserved in mid-June 2025 and published at the end of July 2025.

Potential Impact

For European organizations using RSA Archer 6.11.00204.10014, this vulnerability poses a significant risk primarily through social engineering or supply chain attack vectors. Since RSA Archer is widely used for governance, risk management, and compliance (GRC) activities, exploitation could lead to unauthorized code execution on systems of users who open malicious CSV exports. This could result in data theft, lateral movement within networks, or deployment of malware. The impact on confidentiality is high if sensitive GRC data is exposed or manipulated. Integrity could be compromised if attackers alter risk or compliance data, potentially affecting decision-making processes. Availability impact is medium, as exploitation could lead to system instability or denial of service if malicious code disrupts user environments. The attack requires user interaction (opening the CSV file), which somewhat limits the scope but does not eliminate risk, especially in environments where exported reports are shared frequently. The lack of known exploits suggests a window for proactive mitigation. However, the risk remains substantial given the critical nature of RSA Archer in enterprise risk management workflows.

Mitigation Recommendations

Organizations should implement strict input validation and sanitization on data that may be exported to CSV files to prevent injection of malicious formulas or code. Specifically, any user-controllable input fields should be sanitized to neutralize characters that trigger formula execution (e.g., '=', '+', '-', '@' at the start of CSV fields). Additionally, users should be trained to handle CSV files cautiously, avoiding opening untrusted CSV files directly in spreadsheet applications without inspection. Employing application-level controls to disable automatic formula execution in spreadsheet software can reduce risk. RSA Archer users should monitor for patches or updates from the vendor addressing this vulnerability and apply them promptly once available. Network-level protections such as email filtering to detect and quarantine suspicious CSV attachments can also reduce exposure. Finally, organizations should consider implementing endpoint detection and response (EDR) solutions to detect anomalous behaviors resulting from exploitation attempts.
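The following is an added example of the export-side sanitization and the pre-sharing check recommended above; it is not code from RSA Archer or from the advisory. It neutralizes the '=', '+', '-' and '@' prefixes named in the text and goes slightly beyond it by also treating a leading tab or carriage return as a formula trigger, since common spreadsheet applications honour those as well. All function names and the sample risk-register rows are assumptions constructed for the example.

```python
import csv
import io

# Characters that spreadsheet applications treat as the start of a formula.
# '=', '+', '-', '@' are the ones named in the advisory text; tab and carriage
# return are added here because spreadsheet applications also honour them.
FORMULA_PREFIXES = ("=", "+", "-", "@", "\t", "\r")


def is_formula_like(value: str) -> bool:
    """True if a cell value would be interpreted as a formula when opened in
    a spreadsheet. Leading spaces are stripped first because some
    applications ignore them before the formula prefix."""
    return value.lstrip(" ").startswith(FORMULA_PREFIXES)


def neutralize(value) -> str:
    """Return a version of `value` that a spreadsheet renders as literal text.
    Prefixing with a single quote forces text interpretation; the csv module's
    quoting then protects against delimiter/quote breakouts inside the field."""
    text = "" if value is None else str(value)
    if is_formula_like(text):
        return "'" + text
    return text


def export_rows(rows, header) -> str:
    """Serialise rows to CSV text with every data field neutralized and
    every field quoted (hypothetical export hook for a report writer)."""
    buf = io.StringIO()
    writer = csv.writer(buf, quoting=csv.QUOTE_ALL, lineterminator="\n")
    writer.writerow(header)
    for row in rows:
        writer.writerow([neutralize(v) for v in row])
    return buf.getvalue()


def audit_csv(text: str):
    """Scan an existing CSV export and return (row, column, value) for every
    field that would be interpreted as a formula. Intended as a check run on
    reports before they are shared or attached to e-mail."""
    findings = []
    for r, row in enumerate(csv.reader(io.StringIO(text))):
        for c, cell in enumerate(row):
            if is_formula_like(cell):
                findings.append((r, c, cell))
    return findings


# Constructed sample: a small risk register where free-text fields are
# user-controlled. One value is formula-shaped; another is a legitimate
# value that merely starts with '-'.
SAMPLE_HEADER = ("id", "title", "severity")
SAMPLE_ROWS = [
    ("R-001", "Unpatched web server", "High"),
    ("R-002", "=1+2", "Medium"),
    ("R-003", "-5 days behind schedule", "Low"),
]

if __name__ == "__main__":
    unsafe = "id,title\nR-002,=1+2\n"
    print("findings in raw export:", audit_csv(unsafe))
    safe = export_rows(SAMPLE_ROWS, SAMPLE_HEADER)
    print(safe)
    print("findings in sanitized export:", audit_csv(safe))
```

The cost of this approach is visible in the third sample row: a legitimate value such as "-5 days behind schedule" also receives the quote prefix, so it will display with a leading apostrophe in some applications. That trade-off is usually acceptable for GRC exports, where the fields are read by people rather than re-parsed by machines; where exports feed another system, apply `neutralize` only to the free-text columns and keep numeric columns as numbers.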


Technical Details

Data Version: 5.1
Assigner Short Name: mitre
Date Reserved: 2025-06-16T00:00:00.000Z
CVSS Version: null
State: PUBLISHED

Threat ID: 688bc4ddad5a09ad00bbdca1

Added to database: 7/31/2025, 7:32:45 PM

Last enriched: 7/31/2025, 7:48:11 PM

Last updated: 8/1/2025, 10:43:27 AM
