CVE-2025-1774 Information

Description

Incorrect string encoding vulnerability in NASK - PIB BotSense allows injection of an additional field separator character or value in the content of some fields of the generated event. A field with additional field separator characters or values can be included in the xtraData\ field.This issue affects BotSense in versions before 2.8.0.

Reference

https://cert.pl/en/posts/2025/03/CVE-2025-1774/ https://cert.pl/posts/2025/03/CVE-2025-1774/ https://nask.pl/instytut/dla-biznesu/botsense/