关键信息 CVE ID: CVE-2025-35033 发布日期: 2025-09-29 更新日期: 2025-09-29 漏洞标题: Medical Informatics Engineering Enterprise Health CSV Injection 描述: Medical Informatics Engineering Enterprise Health 存在一个CSV注入漏洞,允许远程认证攻击者在可下载的CSV文件中注入宏。该问题已在2025年3月14日修复。 CWE: CWE-1236: Improper Neutralization of Formula Elements in a CSV File CVSS评分: - 版本4.0: 6.3 (MEDIUM) - 版本3.1: 4.1 (MEDIUM) 产品状态: - 厂商: Medical Informatics Engineering - 产品: Enterprise Health - 受影响版本: RC202503 before RC202503 2025-03-14 贡献者: - George Thompson, Sandia National Laboratories - Trevor LaPay, Sandia National Laboratories - Fernando Martinez, Sandia National Laboratories - Gary Huang, Sandia National Laboratories 参考链接: - raw.githubusercontent.com: url - cve.org: url