CVE-2025-7061 is a CSV Injection vulnerability identified in Intelbras InControl versions up to 2.21.60.9. The vulnerability resides in an unknown code segment within the /v1/operador/ endpoint of the product. CSV Injection occurs when untrusted input is embedded into CSV files without proper sanitization, allowing attackers to inject malicious formulas or commands that execute when the CSV file is opened in spreadsheet software such as Microsoft Excel or LibreOffice Calc. This vulnerability can be triggered remotely without user interaction or authentication, as indicated by the CVSS vector (AV:N/AC:L/AT:N/PR:H/UI:N). However, it requires high privileges (PR:H), meaning the attacker must have elevated access to the system or application to exploit it. The impact on confidentiality is none, but there is a low impact on integrity, as malicious formulas could alter data or execute commands on the client side when the CSV is opened. Availability and scope are unaffected. The vendor Intelbras has not responded to the disclosure, and no patches are currently available. Although no known exploits are reported in the wild, public disclosure and proof-of-concept exploits may emerge, increasing the risk of exploitation. The CVSS score of 5.1 (medium severity) reflects the moderate risk posed by this vulnerability, primarily due to the requirement for high privileges and the limited impact scope. CSV Injection vulnerabilities are often underestimated but can lead to significant downstream effects, especially in environments where CSV exports are shared widely and opened without caution.

For European organizations using Intelbras InControl, this vulnerability poses a moderate risk primarily in environments where privileged users export or share CSV files generated by the affected endpoint. If exploited, attackers with high-level access could inject malicious formulas into CSV exports, potentially leading to unauthorized command execution on the client machines of recipients who open these files in spreadsheet software. This could result in data manipulation, credential theft via formula-based phishing, or lateral movement within the organization. While the vulnerability does not directly compromise confidentiality or availability of the InControl system itself, the indirect impact on data integrity and endpoint security can be significant. Organizations in sectors with stringent data handling and compliance requirements (e.g., finance, healthcare, critical infrastructure) may face regulatory and reputational risks if such an attack leads to data corruption or leakage. The lack of vendor response and absence of patches increase the urgency for European entities to implement compensating controls and monitor for suspicious activity related to CSV exports and privileged access misuse.

1. Restrict privileged access: Limit the number of users with high privileges in Intelbras InControl to reduce the attack surface. 2. Sanitize CSV exports: Implement manual or automated sanitization of CSV data to neutralize potentially malicious formulas before exporting or sharing files. This can include prefixing cells with a single quote (') or using specialized CSV export libraries that escape formula characters (=, +, -, @). 3. User awareness and training: Educate users who handle CSV files about the risks of opening untrusted CSV files and encourage the use of safer spreadsheet settings that disable automatic formula execution. 4. Network segmentation and monitoring: Monitor and restrict access to the /v1/operador/ endpoint, and log all privileged operations to detect anomalous behavior. 5. Use alternative data export formats: Where possible, switch to safer export formats such as JSON or XML that do not support formula execution. 6. Apply endpoint protections: Deploy endpoint security solutions that can detect and block malicious macro or formula execution in spreadsheet applications. 7. Engage with Intelbras: Continue to seek vendor engagement for official patches or updates and monitor for any future advisories. 8. Incident response readiness: Prepare to respond to potential exploitation attempts by establishing detection rules for suspicious CSV file usage and privilege abuse within the environment.