CSV Injection Vulnerability in Intelbras InControl Product
CVE-2025-7061

5.1MEDIUM

Key Information:

Vendor

Intelbras

Status
Incontrol
Vendor
CVE Published:
4 July 2025

What is CVE-2025-7061?

A security vulnerability has been identified in Intelbras InControl versions up to 2.21.60.9, allowing attackers to perform CSV injection through manipulation of the /v1/operador/ file. This flaw enables remote attackers to craft malicious CSV files that can be exploited, posing significant risks to the integrity of data processed by the affected systems. Despite early notification to the vendor regarding this issue, there has been no response, raising concerns about potential exploitation.

Affected Version(s)

InControl 2.21.60.0

InControl 2.21.60.1

InControl 2.21.60.2

References

https://vuldb.com/?id.314836
vdb-entry
https://vuldb.com/?ctiid.314836
signaturepermissions-required
https://vuldb.com/?submit.600881
third-party-advisory

CVSS V4

Score:
5.1
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

lorenzomoulin (VulDB User)
.