CVE-2025-50572 is a vulnerability identified in Archer version 6.11.00204.10014 that enables attackers to execute arbitrary code on a victim's system through crafted system inputs that are exported into CSV files. The attack vector involves an attacker preparing malicious input data that, when exported by the Archer application into a CSV file, contains payloads that exploit features in spreadsheet or CSV-compatible applications (such as Microsoft Excel or LibreOffice Calc). Upon opening the CSV file, the embedded malicious code executes, potentially allowing full compromise of the user's system. The vulnerability is classified under CWE-1236, which relates to improper handling of CSV injection or formula injection attacks. The CVSS v3.1 score of 8.8 reflects a high severity, with attack vector being network (AV:N), low attack complexity (AC:L), no privileges required (PR:N), but user interaction required (UI:R). The impact affects confidentiality, integrity, and availability (C:H/I:H/A:H). Despite the supplier's rejection of this report, the vulnerability remains a significant risk due to the ease of exploitation and potential damage. No patches or mitigations have been officially released, and no known exploits are currently in the wild. This vulnerability highlights the risk of CSV injection attacks where malicious formulas or scripts embedded in CSV files can execute when opened in vulnerable spreadsheet applications. Organizations using Archer should be aware of this threat and take proactive measures to prevent exploitation.

For European organizations, this vulnerability poses a substantial risk especially to those using Archer 6.11.00204.10014 in environments where CSV exports are common and users frequently open such files with spreadsheet applications. Successful exploitation can lead to arbitrary code execution, resulting in data breaches, system compromise, ransomware deployment, or disruption of critical business processes. Confidential data could be exfiltrated, altered, or destroyed, impacting compliance with GDPR and other data protection regulations. The requirement for user interaction (opening the CSV) means phishing or social engineering could be leveraged to deliver the malicious files. The lack of an official patch increases exposure time, and the supplier's dismissal may delay remediation efforts. Organizations in sectors such as finance, government, healthcare, and critical infrastructure are particularly vulnerable due to the sensitive nature of their data and the strategic value of their systems. The attack could also undermine trust in exported reports and data sharing workflows, affecting operational continuity.

1. Implement strict user training and awareness programs focusing on the risks of opening CSV files from untrusted or unknown sources. 2. Configure spreadsheet applications (e.g., Microsoft Excel, LibreOffice) to disable automatic formula execution or enable 'Protected View' for files originating from the internet or untrusted locations. 3. Employ email filtering and attachment scanning to detect and quarantine suspicious CSV files containing potential formula injections. 4. Use application whitelisting and endpoint detection and response (EDR) tools to monitor and block unauthorized code execution triggered by spreadsheet applications. 5. Where possible, sanitize or validate data inputs before exporting to CSV to remove or neutralize potentially malicious formulas or scripts. 6. Establish policies to restrict the use of CSV exports for sensitive data or require additional verification steps before opening such files. 7. Monitor vendor communications for any future patches or advisories and plan for rapid deployment once available. 8. Consider alternative data export formats less susceptible to injection attacks, such as JSON or XML, with proper validation. 9. Conduct regular security assessments and penetration testing focused on data export and import functionalities to identify similar weaknesses.