Axosoft Scrum and Bug Tracking Edit Ticket csv injection

5.3 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Description

A vulnerability was detected in Axosoft Scrum and Bug Tracking 22.1.1.11545. The impacted element is an unknown function of the component Edit Ticket Page. Performing manipulation of the argument Title results in csv injection. It is possible to initiate the attack remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Basic Information

ID CVE-2025-12249

Source VulDB

Published Oct 27, 2025 at 08:02

Affected Product

Vendor Axosoft

Product Scrum and Bug Tracking

Version 22.1.1.11545

Affected Versions Axosoft Scrum and Bug Tracking 22.1.1.11545

CWE Classification

CWE-1236 CWE-74

References

{
    "lastseen": "",
    "description": "A vulnerability was detected in Axosoft Scrum and Bug Tracking 22.1.1.11545. The impacted element is an unknown function of the component Edit Ticket Page. Performing manipulation of the argument Title results in csv injection. It is possible to initiate the attack remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
    "published": "2025-10-27T08:02:11.492Z",
    "modified": "2025-10-27T08:02:11.492Z",
    "type": "cve",
    "title": "Axosoft Scrum and Bug Tracking Edit Ticket csv injection",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.329920\nhttps://vuldb.com/?ctiid.329920\nhttps://vuldb.com/?submit.673851\nhttps://drive.google.com/file/d/1EtmG4IyNQO7VStycpkSl9iivURrYQBSD/view?usp=sharing",
    "id": "CVE-2025-12249",
    "bulletinFamily": "",
    "cwe": [
        "CWE-1236",
        "CWE-74"
    ],
    "cvelist": null,
    "sourceData": "Axosoft Scrum and Bug Tracking 22.1.1.11545",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Scrum and Bug Tracking",
    "version": "22.1.1.11545",
    "vendor": "Axosoft",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Axosoft Scrum and Bug Tracking Edit Ticket csv injection_CVE-2025-12249