CVE Details
Basic Information
| Title | CVE-2025-54752 |
|---|---|
| Type | cve |
| Published | 2025-07-31T07:21:57.639Z |
| Modified | 2025-07-31T07:21:57.639Z |
Product Information
| Vendor | Alfasado Inc. |
|---|---|
| Product | PowerCMS |
| Version | 6.7 and earlier (PowerCMS 6.x series) |
CVSS Information
| Base Score | 6.5 (MEDIUM) |
|---|---|
| Attack Vector | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L |
AI Analysis
| AI Description | A vulnerability in PowerCMS allows CSV injection, potentially executing malicious code when a user opens a malformed CSV file. |
|---|---|
| AI Severity | Medium |
| AI Vendor | Alfasado Inc. |
| AI Product | PowerCMS |
| AI Version | 6.7, 5.3, 4.6 |
Affected Products
- Alfasado Inc. PowerCMS 6.7 and earlier (PowerCMS 6.x series)
- Alfasado Inc. PowerCMS 5.3 and earlier (PowerCMS 5.x series)
- Alfasado Inc. PowerCMS 4.6 and earlier (PowerCMS 4.x series)
Additional Information
| CWE List | CWE-1236 |
|---|---|
| Source | jpcert |
Description
Multiple versions of PowerCMS improperly neutralize formula elements in a CSV file. If a product user creates a malformed entry and a victim user downloads it as a CSV file and opens it in the user’s environment, the embedded code may be executed.