CVE-2025-8808 | THREATINT

Description

A vulnerability was found in xujeff tianti 天梯 up to 2.3. It has been rated as problematic. This issue affects the function exportOrder of the file /tianti-module-admin/user/ajax/save of the component com.jeff.tianti.controller. The manipulation leads to csv injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Eine Schwachstelle wurde in xujeff tianti 天梯 bis 2.3 ausgemacht. Sie wurde als problematisch eingestuft. Dies betrifft die Funktion exportOrder der Datei /tianti-module-admin/user/ajax/save der Komponente com.jeff.tianti.controller. Durch das Manipulieren mit unbekannten Daten kann eine csv injection-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk passieren. Der Exploit steht zur öffentlichen Verfügung.

Reserved 2025-08-09 | Published 2025-08-10 | Updated 2025-08-10 | Assigner VulDB

MEDIUM: 5.3CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

MEDIUM: 4.3CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R

MEDIUM: 4.3CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R

4.0AV:N/AC:L/Au:S/C:N/I:P/A:N/E:POC/RL:ND/RC:UR

Problem types

CSV Injection

Injection

Product status

2.0

affected

2.1

affected

2.2

affected

2.3

affected

Timeline

2025-08-09:	Advisory disclosed
2025-08-09:	VulDB entry created
2025-08-09:	VulDB entry last update

References

vuldb.com/?id.319337 (VDB-319337 | xujeff tianti 天梯 com.jeff.tianti.controller save exportOrder csv injection) vdb-entry technical-description

vuldb.com/?ctiid.319337 (VDB-319337 | CTI Indicators (IOB, IOC, IOA)) signature permissions-required

vuldb.com/?submit.626673 (Submit #626673 | Tianti Project Tianti 2.3 CSV Injection) third-party-advisory

github.com/N1n3b9S/cve/issues/16 exploit issue-tracking

cve.org (CVE-2025-8808)

nvd.nist.gov (CVE-2025-8808)

Download JSON