CVE-2025-51735
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-11-28
Last updated on: 2025-12-02
Assigner: MITRE
Description
Description
CSV formula injection vulnerability in HCL Technologies Ltd. Unica 12.0.0.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| hcltech | unica | 12.0.0 |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-1236 | The product saves user-provided information into a Comma-Separated Value (CSV) file, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as a command when the file is opened by a spreadsheet product. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a CSV formula injection in HCL Technologies Ltd. Unica 12.0.0. It occurs when malicious formulas are injected into CSV files, which can be executed when the file is opened in spreadsheet software, potentially leading to unintended actions or data compromise.
How can this vulnerability impact me? :
The vulnerability can lead to execution of malicious formulas when a CSV file is opened, potentially resulting in unauthorized actions such as data manipulation, disclosure, or compromise of system integrity.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70