CVE-2025-66834 is a CSV Formula Injection vulnerability identified in TrueConf Server version 5.5.2.10813. The vulnerability arises because the application fails to properly sanitize or escape user-supplied Display Names before exporting chat logs as CSV files. An attacker with normal user privileges can craft a Display Name containing malicious spreadsheet formulas (e.g., starting with '=', '+', '-', or '@') that, when exported and opened in spreadsheet software like Microsoft Excel or LibreOffice Calc, will execute these formulas. This can lead to unauthorized data disclosure, modification, or execution of commands depending on the formulas used and the victim's environment. The CVSS v3.1 base score is 7.3, indicating high severity, with an attack vector of network (remote), low attack complexity, requiring low privileges but user interaction to open the malicious file. The vulnerability impacts confidentiality and integrity but not availability. No known exploits are currently in the wild, and no patches have been published yet. The CWE classification is CWE-1236, which relates to improper neutralization of input during export to CSV. This vulnerability is particularly dangerous in environments where exported chat logs are shared or audited, as it can be a vector for social engineering or lateral movement within organizations.

For European organizations, this vulnerability could lead to significant data breaches or unauthorized actions if malicious CSV files are opened by employees or auditors. Confidential information contained in chat logs could be exfiltrated or manipulated through formula execution. Integrity of audit trails and compliance documentation may be compromised, undermining regulatory adherence such as GDPR. The attack requires user interaction but can be triggered by opening a seemingly benign exported file, increasing the risk of successful exploitation. Organizations relying on TrueConf Server for internal or external communications, especially in sectors like finance, healthcare, or government, face elevated risks. The lack of a patch and known exploits means organizations must proactively mitigate the risk. Additionally, the vulnerability could be leveraged in targeted spear-phishing campaigns within European enterprises, amplifying its impact.

To mitigate CVE-2025-66834, organizations should implement input sanitization or escaping mechanisms to neutralize formula characters in Display Names before exporting to CSV. If possible, disable or restrict CSV export functionality to trusted users only. Educate employees and auditors about the risks of opening CSV files from untrusted sources and encourage the use of safer file formats or viewing methods that do not execute formulas automatically. Employ endpoint protection solutions that can detect and block malicious spreadsheet behavior. Monitor and audit exported files for suspicious content. Until an official patch is released by TrueConf, consider applying custom filters or scripts to cleanse exported CSV files before distribution. Engage with TrueConf support to obtain updates or workarounds. Finally, incorporate this vulnerability into organizational threat modeling and incident response plans to ensure rapid detection and containment if exploited.