CVE-2025-8808 is a CSV Injection vulnerability identified in the xujeff tianti 天梯 software, specifically affecting versions up to 2.3. The vulnerability resides in the exportOrder function within the /tianti-module-admin/user/ajax/save file of the com.jeff.tianti.controller component. CSV Injection occurs when untrusted input is embedded into CSV files without proper sanitization, allowing malicious actors to inject spreadsheet formulas or commands. When such a crafted CSV file is opened by an end user in spreadsheet software (e.g., Microsoft Excel), the injected formulas can execute, potentially leading to data leakage, command execution, or other malicious activities. The vulnerability is remotely exploitable without requiring user interaction or authentication, as indicated by the CVSS vector (AV:N/AC:L/PR:L/UI:N). The CVSS 4.0 base score is 5.3, categorizing it as a medium severity issue. The vendor was notified but did not respond, and no patches have been released. Although no known exploits are currently observed in the wild, the public disclosure increases the risk of exploitation. The vulnerability's impact is primarily on data integrity and confidentiality, as malicious formulas can exfiltrate data or manipulate spreadsheet content. Given the nature of CSV Injection, the threat is particularly relevant in environments where exported CSV files are shared or processed by multiple users, especially in administrative or financial contexts.

For European organizations using xujeff tianti 天梯, this vulnerability poses a moderate risk. The ability to inject malicious formulas into CSV exports can lead to unauthorized data access or manipulation when files are opened in spreadsheet applications. This can compromise sensitive business data, financial records, or user information, potentially violating GDPR requirements on data protection and privacy. The remote exploitability without user interaction or authentication increases the risk in automated or bulk export scenarios. Organizations relying on tianti 天梯 for order management or administrative functions may face operational disruptions or reputational damage if CSV Injection is exploited. Additionally, the lack of vendor response and patches means organizations must proactively mitigate the risk. The medium severity score reflects the moderate impact on confidentiality and integrity, with limited impact on availability. However, if attackers leverage this vulnerability as part of a broader attack chain, the consequences could escalate.

1. Implement input sanitization and validation on all user-supplied data that is exported to CSV files, ensuring that any fields starting with characters like '=', '+', '-', or '@' are either escaped or prefixed with a single quote to neutralize formula execution. 2. Restrict access to the exportOrder function to authorized users only, applying strict access controls and monitoring usage logs for suspicious activity. 3. Educate users about the risks of opening CSV files from untrusted sources and encourage the use of spreadsheet software settings that disable automatic formula execution or enable protected view modes. 4. Employ network-level controls to limit exposure of the vulnerable endpoint, such as IP whitelisting or VPN access. 5. Monitor for any unusual CSV export patterns or anomalies that could indicate exploitation attempts. 6. Consider implementing application-layer firewalls or runtime application self-protection (RASP) solutions to detect and block injection attempts. 7. If feasible, review and modify the source code to sanitize output or switch to safer export formats that do not support formula execution. 8. Maintain an incident response plan to quickly address any detected exploitation or data compromise related to this vulnerability.