CVE-2025-61873
LOWSeverity by source
AV:N/AC:H/PR:H/UI:R/S:C/C:N/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:N/I:L/A:N
Lifecycle Timeline
2DescriptionCVE.org
Best Practical Request Tracker (RT) before 4.4.9, 5.0.9, and 6.0.2 allows CSV Injection via ticket values when TSV export is used.
AnalysisAI
Best Practical Request Tracker (RT) before 4.4.9, 5.0.9, and 6.0.2 allows CSV Injection via ticket values when TSV export is used. [CVSS 2.6 LOW]
Technical ContextAI
This vulnerability (CWE-1236: Improper Neutralization of Formula Elements in a CSV File) Best Practical Request Tracker (RT) before 4.4.9, 5.0.9, and 6.0.2 allows CSV Injection via ticket values when TSV export is used.
Affected ProductsAI
Best Practical Request Tracker (RT) before 4.4.9, 5.0.9, and 6.0.2
RemediationAI
Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.
Same technique Code Injection
View allShare
External POC / Exploit Code
Leaving vuln.today