CVE-2025-61873
LOWBest Practical RT <4.4.9-6.0.2 - Code Injection
Title source: llmDescription
Best Practical Request Tracker (RT) before 4.4.9, 5.0.9, and 6.0.2 allows CSV Injection via ticket values when TSV export is used.
Scores
CVSS v3
2.6
EPSS
0.0001
EPSS Percentile
1.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:N/I:L/A:N
Classification
CWE
CWE-1236
Status
draft
Timeline
Published
Jan 16, 2026
Tracked Since
Feb 18, 2026