CVE-2018-25135
Published: 24 December 2025
Description
Anviz AIM CrossChex Standard 4.3.6.0 contains a CSV injection vulnerability that allows attackers to execute commands by inserting malicious formulas in user import fields. Attackers can craft payloads in fields like 'Name', 'Gender', or 'Position' to trigger Excel macro execution when importing user data.
Mitigating Controls (NIST 800-53 r5) [AI-generated]
- Directly validates and sanitizes user import fields in CSV files to block malicious formulas that trigger Excel macro execution.
- Requires timely identification, reporting, and remediation of the specific CSV injection flaw in Anviz AIM CrossChex Standard.
- Restricts special characters and formulas in import fields like Name, Gender, and Position to limit CSV injection payloads.
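The first and third controls above amount to one concrete check: treat any cell whose content a spreadsheet would evaluate as a formula as untrusted, either rejecting it at import time or neutralising it when data is written back out to CSV. The following is an added example, not code from Anviz or from the advisory; it uses the field names the advisory lists ('Name', 'Gender', 'Position'), the OWASP CSV-injection guidance (leading `=`, `+`, `-`, `@`, tab and carriage return are formula triggers; prefix a single quote and double-quote every cell to force text interpretation), and constructed sample rows.

```python
import csv
import io

# Characters that spreadsheet applications treat as the start of a formula
# when they appear at the beginning of a cell (per OWASP CSV-injection guidance).
# Tab and carriage return are included because they are stripped before the
# remaining leading character is interpreted.
FORMULA_TRIGGERS = ("=", "+", "-", "@", "\t", "\r")


def is_formula_like(value: str) -> bool:
    """True if a spreadsheet would evaluate this cell rather than display it."""
    return value.startswith(FORMULA_TRIGGERS)


def validate_import_row(row: dict, fields=("Name", "Gender", "Position")) -> list:
    """Import-side control: return the names of fields whose content looks
    like a formula, so the caller can reject or quarantine the row."""
    return [f for f in fields if is_formula_like(str(row.get(f, "")))]


def sanitize_cell(value: str) -> str:
    """Export-side control: make a formula-like cell render as literal text by
    prefixing a single quote (OWASP recommendation). Non-triggering values are
    returned unchanged so ordinary data is not altered."""
    if is_formula_like(value):
        return "'" + value
    return value


def export_rows(rows, fieldnames=("Name", "Gender", "Position")) -> str:
    """Write rows to CSV text with every cell sanitized and double-quoted.
    QUOTE_ALL also escapes embedded double quotes, closing the second OWASP
    point (quote the whole cell, escape quotes inside it)."""
    buf = io.StringIO()
    writer = csv.DictWriter(
        buf, fieldnames=list(fieldnames), quoting=csv.QUOTE_ALL, lineterminator="\n"
    )
    writer.writeheader()
    for row in rows:
        writer.writerow({k: sanitize_cell(str(row.get(k, ""))) for k in fieldnames})
    return buf.getvalue()


# Constructed sample import data (not taken from the advisory). The second row
# carries a harmless formula in 'Name' and a leading-dash value in 'Position',
# which also shows the known false-positive case: legitimate text that starts
# with "-" (negative numbers, bullet-style entries) is flagged and quoted too.
SAMPLE_ROWS = [
    {"Name": "Alice Smith", "Gender": "F", "Position": "Engineer"},
    {"Name": "=SUM(1,2)", "Gender": "F", "Position": "-Lead"},
]


if __name__ == "__main__":
    for row in SAMPLE_ROWS:
        flagged = validate_import_row(row)
        print(row["Name"], "->", "REJECT" if flagged else "ok", flagged)
    print(export_rows(SAMPLE_ROWS))
```

The import-side check is the one that matters for this CVE: the vulnerable path is a user-data import, so rejecting formula-like values before they are stored (rather than only sanitising on export) keeps them out of any later spreadsheet export. The single-quote prefix is visible to users when the CSV is opened in a spreadsheet, so log the rejection or strip the prefix in non-spreadsheet consumers rather than silently mangling data.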
Security Summary [AI-generated]
CVE-2018-25135 is a CSV injection vulnerability affecting Anviz AIM CrossChex Standard version 4.3.6.0. The flaw enables attackers to insert malicious formulas into user import fields such as 'Name', 'Gender', or 'Position'. These payloads trigger Excel macro execution when user data is imported, potentially leading to arbitrary command execution on the system processing the import.
The vulnerability carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), marking it as critical due to its network accessibility, low complexity, lack of required privileges or user interaction, and high impacts across confidentiality, integrity, and availability. Remote attackers without authentication can exploit it by crafting malicious CSV payloads for import, achieving command execution on the victim's machine when the data is processed.
Mitigation guidance is available in related advisories, including Zero Science's ZSL-2018-5498 and the Exploit-DB entry at exploits/45765, along with the vendor page at Anviz.com. Practitioners should consult these for patching or workaround details specific to CrossChex Standard 4.3.6.0.
Details
- CWE(s)
MITRE ATT&CK Enterprise Techniques [AI-generated]
Why these techniques?
CVE-2018-25135 is a critical remote exploit in a network-accessible application (T1190) enabling injection of malicious CSV formulas that achieve command execution when a user opens or processes the poisoned file in Excel (T1204.002).