CVE-2018-25135

CRITICAL

Anviz AIM CrossChex Standard 4.3.6.0 - Code Injection

Title source: llm

Description

Anviz AIM CrossChex Standard 4.3.6.0 contains a CSV injection vulnerability that allows attackers to execute commands by inserting malicious formulas in user import fields. Attackers can craft payloads in fields like 'Name', 'Gender', or 'Position' to trigger Excel macro execution when importing user data.

Exploits (1)

exploitdb WORKING POC

by LiquidWorm · textlocalwindows

https://www.exploit-db.com/exploits/45765

View Code ZIP pw:eip

References (3)

[Various Sources] https://www.anviz.com

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/45765

[Third Party Advisory] https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5498.php

Scores

CVSS v3 9.8

EPSS 0.0011

EPSS Percentile 29.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-149

Status published

Products (1)

Anviz Biometric Technology Co., Ltd./Anviz AIM CrossChex Standard 4.3

Published Dec 24, 2025

Tracked Since Feb 18, 2026