CRITICAL🇵🇱 Wersja polska

CVE-2025-22978

CVSS 9.8v3.1pub. 2025-02-03upd. 2026-01-20

eladmin <=2.7 is vulnerable to CSV Injection in the exception log download module.

🤖 AI Analysis
How it works

The vulnerability classified as CWE-74 (Injection) involves insufficient sanitization of data written to CSV files generated by the exception logs module. An attacker can inject data containing special characters (such as =, +, -, @) at the beginning of field values, which spreadsheet applications (such as Microsoft Excel or LibreOffice Calc) interpret as formulas. After downloading and opening such a file by a user (e.g., an administrator), the malicious formula can be executed in the context of their workstation.

Impact

An attacker can cause malicious code to be executed on the computer of a user opening an infected CSV file, which may result in data theft, session hijacking, or system compromise.

Mitigation & patch

Patches available from the vendor should be applied according to the references — the fix was introduced in commit d6a16e9afc0a3b96a56f1a24ed167e1beec6ce2f available in the Eladmin project GitHub repository.

Who is affected

Eladmin version 2.7 and all earlier versions.

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Eladmin

    APP
    Eladmin
    ≤ 2.7
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2024-44677CRITICAL9.8PL ✓ten sam produkt

SSRF umożliwiające RCE w Eladmin v2.7 — komponent DatabaseController

CVE-2024-51243HIGH7.2ten sam produkt

The eladmin v2.7 and before contains a remote code execution (RCE) vulnerability that can control all applicat...

CVE-2025-70997MEDIUM6.5ten sam produkt

A vulnerability has been discovered in eladmin v2.7 and before. This vulnerability allows for an arbitrary use...

CVE-2025-9239MEDIUM6.3ten sam produkt

A vulnerability was identified in elunez eladmin up to 2.7. Affected by this vulnerability is the function Enc...

CVE-2025-8530MEDIUM5.5ten sam produkt

A vulnerability, which was classified as problematic, has been found in elunez eladmin up to 2.7. Affected by ...