Cyber Resilience

CVE-2018-25135

CriticalPublic PoC

Published: 24 December 2025

Published
24 December 2025
Modified
15 April 2026
KEV Added
Patch
CVSS Score v4 9.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0059 43.6th percentile
Risk Priority 19 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2018-25135 is a critical-severity Improper Neutralization of Quoting Syntax (CWE-149) vulnerability in Zeroscience (inferred from references). Its CVSS base score is 9.3 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 43.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2018-25135 is a CSV injection vulnerability affecting Anviz AIM CrossChex Standard version 4.3.6.0. The flaw enables attackers to insert malicious formulas into user import fields such as 'Name', 'Gender', or 'Position'. These payloads trigger Excel macro execution when user data is imported, potentially leading to arbitrary command execution on the system processing the import.

The vulnerability carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), marking it as critical due to its network accessibility, low complexity, lack of required privileges or user interaction, and high impacts across confidentiality, integrity, and availability. Remote attackers without authentication can exploit it by crafting malicious CSV payloads for import, achieving command execution on the victim's machine when the data is processed.

Mitigation guidance is available in related advisories, including Zero Science's ZSL-2018-5498 and the Exploit-DB entry at exploits/45765, along with the vendor page at Anviz.com. Practitioners should consult these for patching or workaround details specific to CrossChex Standard 4.3.6.0.

EU & UK References

Vulnerability details

Anviz AIM CrossChex Standard 4.3.6.0 contains a CSV injection vulnerability that allows attackers to execute commands by inserting malicious formulas in user import fields. Attackers can craft payloads in fields like 'Name', 'Gender', or 'Position' to trigger Excel macro execution…

more

when importing user data.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1204.002 Malicious File Execution
An adversary may rely upon a user opening a malicious file in order to gain execution.
Why these techniques?

CVE-2018-25135 is a critical remote exploit in a network-accessible application (T1190) enabling injection of malicious CSV formulas that achieve command execution via user opening/processing the poisoned file in Excel (T1204.002).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-1094Shared CWE-149
CVE-2026-42511Shared CWE-149

Affected Assets

Zeroscience
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly validates and sanitizes user import fields in CSV files to block malicious formulas that trigger Excel macro execution.

prevent

Requires timely identification, reporting, and remediation of the specific CSV injection flaw in Anviz AIM CrossChex Standard.

prevent

Restricts special characters and formulas in import fields like Name, Gender, and Position to limit CSV injection payloads.

References