CVE-2020-25398

HIGH

InterMind iMind Server <3.13.65 - Code Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-25398. PoCs published by h3llraiser.

AI-analyzed exploit summary This repository contains a writeup for CVE-2020-25398, a CSV Injection vulnerability in InterMind iMind Server through 3.13.65. The vulnerability allows an attacker to inject malicious code into a CSV file, which executes when opened by a user.

Description

CSV Injection exists in InterMind iMind Server through 3.13.65 via the csv export functionality.

Exploits (1)

nomisec WRITEUP

by h3llraiser · poc

https://github.com/h3llraiser/CVE-2020-25398

View Code ZIP pw:eip

This repository contains a writeup for CVE-2020-25398, a CSV Injection vulnerability in InterMind iMind Server through 3.13.65. The vulnerability allows an attacker to inject malicious code into a CSV file, which executes when opened by a user.

Classification

Writeup 90%

Attack Type

Other

Complexity

Trivial

Reliability

Reliable

Target: InterMind iMind Server <= 3.13.65

No auth needed

Prerequisites: Access to the CSV export functionality

MITRE ATT&CK

T1221 - Template Injection

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Exploit, Third Party Advisory x_refsource_misc

https://github.com/h3llraiser/CVE-2020-25398

Scores

CVSS v3 8.8

EPSS 0.0198

EPSS Percentile 77.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE

CWE-1236

Status published

Products (1)

mind/imind_server < 3.13.65

Published Nov 05, 2020

Tracked Since Feb 18, 2026