CVE-2025-61873

Summary

Best Practical Request Tracker (RT) before 4.4.9, 5.0.9, and 6.0.2 allows CSV Injection via ticket values when TSV export is used.

Affected Software

VendorProductVersion RangeStatus
bestpracticalRequest Tracker0 < 4.4.9affected
bestpracticalRequest Tracker5.0 < 5.0.9affected
bestpracticalRequest Tracker6.0 < 6.0.2affected

Weaknesses

  • CWE-1236: CWE-1236 Improper Neutralization of Formula Elements in a CSV File

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References