CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2025-1836: Incorta Edit Insight csv injection

5.3 CVSS

Description

A vulnerability was found in Incorta 2023.4.3. It has been classified as problematic. Affected is an unknown function of the component Edit Insight Handler. The manipulation of the argument Service Name leads to csv injection. It is possible to launch the attack remotely. The vendor was contacted early about this disclosure but did not respond in any way. Es wurde eine problematische Schwachstelle in Incorta 2023.4.3 ausgemacht. Betroffen hiervon ist ein unbekannter Ablauf der Komponente Edit Insight Handler. Durch Manipulation des Arguments Service Name mit unbekannten Daten kann eine csv injection-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff über das Netzwerk.

Classification

CVE ID: CVE-2025-1836

CVSS Base Severity: MEDIUM

CVSS Base Score: 5.3

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Problem Types

CSV Injection Injection

Affected Products

Vendor: n/a

Product: Incorta

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.03% (probability of being exploited)

EPSS Percentile: 5.73% (scored less or equal to compared to others)

EPSS Date: 2025-03-31 (when was this score calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-1836
https://vuldb.com/?id.298104
https://vuldb.com/?ctiid.298104
https://vuldb.com/?submit.503070

Timeline

2025-03-02 23:40:11 UTC
CVE

Incorta Edit Insight csv injection