Vulnerabilites related to Axosoft - Scrum and Bug Tracking
CVE-2025-11279 (GCVE-0-2025-11279)
Vulnerability from cvelistv5
Published
2025-10-05 03:02
Modified
2025-10-06 20:08
Severity ?
2.0 (Low) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
5.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L/E:P/RC:R
5.5 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L/E:P/RC:R
5.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L/E:P/RC:R
5.5 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L/E:P/RC:R
VLAI Severity ?
EPSS score ?
Summary
A vulnerability was detected in Axosoft Scrum and Bug Tracking 22.1.1.11545. This issue affects some unknown processing of the component Add Work Item Page. The manipulation of the argument Title results in csv injection. The attack can be launched remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.327013 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.327013 | signature, permissions-required | |
| https://vuldb.com/?submit.659422 | third-party-advisory | |
| https://drive.google.com/file/d/1Lw9_KYblnhg7FQU70G0SgH_VyYRUD-rX/view?usp=sharing | exploit |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Axosoft | Scrum and Bug Tracking |
Version: 22.1.1.11545 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-11279",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-06T20:07:53.520851Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-06T20:08:01.869Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Add Work Item Page"
],
"product": "Scrum and Bug Tracking",
"vendor": "Axosoft",
"versions": [
{
"status": "affected",
"version": "22.1.1.11545"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "sn4ku1 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was detected in Axosoft Scrum and Bug Tracking 22.1.1.11545. This issue affects some unknown processing of the component Add Work Item Page. The manipulation of the argument Title results in csv injection. The attack can be launched remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Es wurde eine Schwachstelle in Axosoft Scrum and Bug Tracking 22.1.1.11545 entdeckt. Betroffen ist eine unbekannte Verarbeitung der Komponente Add Work Item Page. Dank Manipulation des Arguments Title mit unbekannten Daten kann eine csv injection-Schwachstelle ausgenutzt werden. Es ist m\u00f6glich, den Angriff aus der Ferne durchzuf\u00fchren. Der Exploit ist \u00f6ffentlich verf\u00fcgbar und k\u00f6nnte genutzt werden."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1236",
"description": "CSV Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-05T03:02:06.381Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-327013 | Axosoft Scrum and Bug Tracking Add Work Item csv injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.327013"
},
{
"name": "VDB-327013 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.327013"
},
{
"name": "Submit #659422 | Axosoft Scrum \u0026 Bug Tracking 22.1.1.11545 Improper Neutralization",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.659422"
},
{
"tags": [
"exploit"
],
"url": "https://drive.google.com/file/d/1Lw9_KYblnhg7FQU70G0SgH_VyYRUD-rX/view?usp=sharing"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-10-04T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-10-04T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-10-04T08:30:36.000Z",
"value": "VulDB entry last update"
}
],
"title": "Axosoft Scrum and Bug Tracking Add Work Item csv injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-11279",
"datePublished": "2025-10-05T03:02:06.381Z",
"dateReserved": "2025-10-04T06:25:32.219Z",
"dateUpdated": "2025-10-06T20:08:01.869Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}