PT-2025-45645 · Unknown · Request Tracker

Published 2025-01-01 · Updated 2026-01-16 · CVE-2025-61873

CVSS v3.1: 2.6 (Low)

Vector: AV:N/AC:H/PR:H/UI:R/S:C/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Request Tracker versions prior to 4.4.4+dfsg-2+deb11u5
Request Tracker versions prior to 4.4.6+dfsg-1.1+deb12u3
Request Tracker versions prior to 5.0.3+dfsg-3~deb12u4
Request Tracker versions prior to 5.0.7+dfsg-4+deb13u1

Description

Request Tracker, an extensible trouble-ticket tracking system, is affected by issues that could lead to CSV injection via ticket values containing special characters, and cross-site scripting through calendar invitations added to tickets. The CSV injection can occur when exporting ticket values to a TSV from search results.

Recommendations

Upgrade Request Tracker packages to version 4.4.4+dfsg-2+deb11u5 or later.
Upgrade Request Tracker packages to version 4.4.6+dfsg-1.1+deb12u3 or later.
Upgrade Request Tracker packages to version 5.0.3+dfsg-3~deb12u4 or later.
Upgrade Request Tracker packages to version 5.0.7+dfsg-4+deb13u1 or later.

Fix

RCE

Weakness Enumeration

Related Identifiers

CVE-2025-61873
DLA-4349-1
DSA-6031-1
DSA-6032-1

Affected Products

Request Tracker