CVE-2025-66834
HIGHDescription
A CSV Formula Injection vulnerability in TrueConf Server v5.5.2.10813 allows a normal user to inject malicious spreadsheet formulas into exported chat logs via crafted Display Name.
Is your site exposed to CVE-2025-66834?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| trueconf | server |
References
Frequently Asked Questions
What is CVE-2025-66834? +
How severe is CVE-2025-66834? +
What products are affected by CVE-2025-66834? +
How do I check if I'm vulnerable to CVE-2025-66834? +
Related Vulnerabilities
Snipe-IT is an IT asset/license management system. Prior to 8.5.0, Actionlog::logaction() stores the request User-Agent header and ReportsController::postActivityReport() writes that …
phpLDAPadmin since at least version 1.2.0 through the latest version 1.2.6.7 allows users to export elements from the LDAP directory …
Data provided in a request performed to the server while activating a new device are put in a database. Other …
CSV Injection vulnerability in Addactis IBNRS v.3.10.3.107 allows a remote attacker to execute arbitrary code via a crafted .ibnrs file …
KWHotel 0.47 is vulnerable to CSV Formula Injection in the invoice adding function.
KWHotel 0.47 is vulnerable to CSV Formula Injection in the add guest function.