CNNVD-202508-2983 Information
CNNVD ID
CNNVD-202508-2983
Related CVE
- CNNVD Published: 2025-08-25
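Description (translated from Chinese)
PhpSpreadsheet is an open-source PHP library from PHPOffice for reading and writing spreadsheet files. PhpSpreadsheet versions 1.30.0, 2.1.12, 2.4.0, 3.10.0 and versions before 5.0.0 contain a code issue vulnerability, which stems from server-side request forgery during HTML document processing.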
Description (English)
PhpSpreadsheet is an open-source PHP library from PHPOffice for reading and writing spreadsheet files. PhpSpreadsheet versions 1.30.0, 2.1.12, 2.4.0, 3.10.0 and versions before 5.0.0 contain a code issue vulnerability, which stems from server-side request forgery (SSRF) when HTML documents are processed.
Hazard Level
High
Vulnerability Type
Code issue
Affected Vendor
PHPOffice
Published
2025-08-25
Last Modified
2026-02-24
References
https://github.com/PHPOffice/PhpSpreadsheet/security/advisories/GHSA-rx7m-68vc-ppxh
https://github.com/PHPOffice/PhpSpreadsheet/commit/c2cd0e64392438e4c6af082796eb65c1d629a266
https://github.com/PHPOffice/PhpSpreadsheet/commit/ac4befd2f7ccc21a59daef606a02a3d1828ade09
https://github.com/PHPOffice/PhpSpreadsheet/commit/81a0de2261f698404587a6421a5c6eb263c40b31
https://github.com/PHPOffice/PhpSpreadsheet/commit/4050f14521d70634c3320b170236574a6106eb39
https://github.com/PHPOffice/PhpSpreadsheet/commit/334a67797ace574d1d37c0992ffe283b7415471a
https://nvd.nist.gov/vuln/detail/CVE-2025-54370
https://vigilance.fr/vulnerability/TYPO3-Base-Excel-Server-Side-Request-Forgery-dated-16-09-2025-48239
Patch
https://github.com/PHPOffice/PhpSpreadsheet/releases