
CVE-2025-62417

· Published 16/10/2025 19:15 · Modified 16/10/2025 19:15

Labels: CVE-2025-62417 · 2025-10-16 · CWE-1236

Essential information

Published
16/10/2025 19:15
Modified
16/10/2025 19:15
Author
Creator
CVSS
7.1 HIGH (v3) 7.1 HIGH (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

Bagisto is an open source Laravel eCommerce platform. When product data that begins with a spreadsheet formula character (for example =, +, -, or @) is accepted and later exported or saved into a CSV and opened in spreadsheet software, the spreadsheet will interpret that cell as a formula. This allows an attacker to supply a CSV field (e.g., product name) that contains a formula which may be evaluated by a victim’s spreadsheet application — potentially leading to data exfiltration and remote command execution (via older Excel exploits / OLE/cmd constructs or Excel macros). This vulnerability is fixed in 2.3.8.
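The mitigation for this class of bug (CWE-1236) is to neutralize formula-leading cells at export time. The following is an added example, not Bagisto's own code: the `Product` dataclass, the export function and the sample rows are constructed here for illustration, and `find_formula_cells` shows the audit side for exports produced before a fix.

```python
import csv
import io
from dataclasses import dataclass

# Leading characters that Excel, LibreOffice and Google Sheets treat as the
# start of a formula: '=', '+', '-', '@', plus tab and carriage return.
FORMULA_TRIGGERS = frozenset("=+-@\t\r")


def neutralize_cell(value: object) -> str:
    """Prefix a single quote so the spreadsheet reads the cell as literal text.

    Leading whitespace is skipped before the check (conservative: some importers
    trim it first). The quote stays visible, so apply this to text fields only.
    """
    text = "" if value is None else str(value)
    if text.lstrip()[:1] in FORMULA_TRIGGERS:
        return "'" + text
    return text


@dataclass
class Product:  # constructed stand-in for an exported product row
    sku: str
    name: str
    price: float


def export_products_csv(products, neutralize=True) -> str:
    """Serialise rows to CSV text. neutralize=False reproduces the vulnerable
    behaviour: the user-supplied name is written out verbatim."""
    guard = neutralize_cell if neutralize else str
    buf = io.StringIO()
    writer = csv.writer(buf, lineterminator="\n")
    writer.writerow(["sku", "name", "price"])
    for p in products:
        # price is numeric and server-controlled; only free text needs the guard
        writer.writerow([guard(p.sku), guard(p.name), f"{p.price:.2f}"])
    return buf.getvalue()


def find_formula_cells(csv_text: str) -> list:
    """Audit an existing export: (row, column) of every cell a spreadsheet
    would evaluate, for checking files generated before the fix."""
    reader = csv.reader(io.StringIO(csv_text))
    return [(r, c) for r, row in enumerate(reader)
            for c, cell in enumerate(row) if cell.lstrip()[:1] in FORMULA_TRIGGERS]


# Constructed sample rows; the second name is shaped like a formula.
SAMPLE = [Product("SKU-1", "Blue Shirt", 19.99), Product("SKU-2", "=SUM(1,1)", 5.0)]
```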

NVD status

Status
Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]

Affected products (CPE)

Product | CPE
bagisto / bagisto | cpe:2.3:a:bagisto:bagisto:2.3.8:*:*:*:*:*:*:*

References