Ctrl + K
/ news / CVE
CVEPublished 2025-10-05Modified 2026-04-290 articles on news7 live referencesNVD data

CVE-2025-11279

Vulnerability data via NVD (ingested)

CVSS v3.1
5.5
MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
EPSS percentile
9
Exploit Prediction Scoring System · top 91% of all CVEs
Weaknesses (CWE)
CWE-74Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')CWE-1236Improper Neutralization of Formula Elements in a CSV File
Description

A vulnerability was detected in Axosoft Scrum and Bug Tracking 22.1.1.11545. This issue affects some unknown processing of the component Add Work Item Page. The manipulation of the argument Title results in csv injection. The attack can be launched remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Timeline
Published 2025-10-05
Modified 2026-04-29

External references

NVDMITREExploit-DBGitHub PoCSploitustrickest/cveVulnCheck

Search for exposed instances

Shodan + Censys queries derived from NVD's CPE data. The vuln tag catches assets Shodan has explicitly linked to this CVE; the product / banner fingerprints find exposed instances even when the vuln tag was never applied (which is common).

Shodan · vuln tag0 hosts
vuln:CVE-2025-11279
Hosts Shodan has explicitly fingerprinted as vulnerable.
More intel sources (5)
Shodan report
vuln:CVE-2025-11279
Country / ASN / product breakdown for the vuln query.
Censys
vulnerabilities.cve_id: CVE-2025-11279
Censys host search filtered to this CVE id.
grep.app
CVE-2025-11279
Public source-code mentions — fast PoC discovery.
GitHub code
CVE-2025-11279
GitHub code search for direct mentions.
Google dork
"CVE-2025-11279" exploit -site:nvd.nist.gov
Write-ups and news, NVD excluded.

Known PoCs on GitHub (1)

CVE-2025-112791 repo
sunlei/awesome-starsPython
My GitHub stars.
★ 8·updated 1mo ago
We haven't classified any articles referencing CVE-2025-11279 yet. The external references above still apply.