CVE-2025-52386 | THREATINT

Description

CycloneDX Sunshine v0.9 is vulnerable to CSV Formula Injection via a crafted JSON file

PUBLISHED Reserved 2025-06-16 | Published 2025-08-13 | Updated 2025-08-13 | Assigner mitre

References

github.com/CycloneDX/Sunshine

github.com/...n-in-CycloneDX-Sunshine/blob/main/payload.json

github.com/...CycloneDX-Sunshine/blob/main/CVE-2025-52386.md

cve.org (CVE-2025-52386)

nvd.nist.gov (CVE-2025-52386)

Download JSON

help @ threatint.eu