CVE-2025-1774

Summary

Incorrect string encoding vulnerability in NASK - PIB BotSense allows injection of an additional field separator character or value in the content of some fields of the generated event. A field with additional field separator characters or values can be included in the "extraData" field.This issue affects BotSense in versions before 2.8.0.

Affected Software

VendorProductVersion RangeStatus
NASK - PIBBotSense0 < 2.8.0affected

Weaknesses

  • CWE-142: CWE-142 Improper Neutralization of Value Delimiters
  • CWE-143: CWE-143 Improper Neutralization of Record Delimiters

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References