CVE-2025-50572

HIGH

Archer 6.11.00204.10014 - RCE

Title source: llm

Description

Archer 6.11.00204.10014 allows attackers to execute arbitrary code via crafted system inputs that would be exported into the CSV and be executed after the user opened the file with compatible applications. NOTE: the Supplier does not accept this as a valid vulnerability report against their product.

References (4)

[Various Sources] http://archer.com

[Various Sources] http://rsa.com

[Various Sources] https://github.com/shorooq-hummdi/Archer-csv-injection-command-exec/blob/main/README.md

View Writeup ZIP pw:eip

[Various Sources] https://www.archerirm.community/s/blogs/formula-injection-into-csv-files-vulnerability-in-rsa-archer-6-1-x-and-higher-MCOCQFO3WCQBCCHMKNC74JGSFWQY

Scores

CVSS v3 8.8

EPSS 0.0013

EPSS Percentile 31.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-1236

Status published

Published Jul 31, 2025

Tracked Since Feb 18, 2026