PublicCVE
Log inSign up

CVE-2025-61873

LOW2.6JSON exportCreate alert

Description

Best Practical Request Tracker (RT) before 4.4.9, 5.0.9, and 6.0.2 allows CSV Injection via ticket values when TSV export is used.

CVSS breakdown

CVSS 3.1
Attack Vector
Network
Attack Complexity
High
Privileges Required
High
User Interaction
Required
Scope
Changed
Confidentiality
None
Integrity
Low
Availability
None

Affected products

References