
CVE-2025-35033: CWE-1236 Improper Neutralization of Formula Elements in a CSV File in Medical Informatics Engineering Enterprise Health

Medium
Tags: Vulnerability, CVE-2025-35033, CWE-1236
Published: Mon Sep 29 2025 (09/29/2025, 20:01:38 UTC)
Source: CVE Database V5
Vendor/Project: Medical Informatics Engineering
Product: Enterprise Health

Description

Medical Informatics Engineering Enterprise Health has a CSV injection vulnerability that allows a remote, authenticated attacker to inject macros in downloadable CSV files. This issue is fixed as of 2025-03-14.

AI-Powered Analysis

Last updated: 09/29/2025, 20:12:28 UTC

Technical Analysis

CVE-2025-35033 is a medium severity vulnerability in Medical Informatics Engineering's Enterprise Health software, classified as improper neutralization of formula elements in CSV files (CWE-1236). It allows a remote attacker with authenticated access to inject malicious macros into CSV files that users can download from the application. When such a file is opened in a spreadsheet application that evaluates formulas (e.g., Microsoft Excel), the injected content can execute arbitrary commands, potentially leading to unauthorized actions such as data exfiltration, privilege escalation, or system compromise. The vulnerability affects multiple recent versions of the product (RC202303 through RC202503) and was publicly disclosed on September 29, 2025, with a fix released on March 14, 2025. The CVSS 4.0 base score is 6.3 (medium): the attack vector is network, attack complexity is low, no privileges are required, user interaction is required, and the impact on integrity and availability is significant. No known exploits have been reported in the wild as of the publication date. The root cause is insufficient sanitization or neutralization of formula elements in CSV exports, so that cell values beginning with formula characters are written verbatim and are evaluated as formulas when the CSV is opened in vulnerable spreadsheet software.

Potential Impact

For European organizations, particularly those in healthcare and medical informatics sectors using Enterprise Health software, this vulnerability poses a significant risk. Exploitation could lead to unauthorized execution of malicious macros, potentially compromising sensitive patient data confidentiality and integrity, disrupting healthcare operations, and violating stringent EU data protection regulations such as GDPR. The ability to inject macros remotely and trigger them upon CSV file opening increases the risk of lateral movement within networks and targeted attacks on healthcare providers. Given the critical nature of healthcare data and the reliance on accurate medical records, any compromise could result in patient safety risks, financial penalties, and reputational damage. Additionally, the requirement for user interaction (opening the CSV) means that social engineering or phishing tactics could be used to increase exploitation likelihood. The medium severity rating suggests a moderate but tangible threat that must be addressed promptly to avoid operational disruptions and data breaches.

Mitigation Recommendations

European organizations using Medical Informatics Engineering Enterprise Health should immediately apply the vendor-provided patches released on March 14, 2025, to remediate this vulnerability. Until patches are applied, organizations should implement strict controls on CSV file handling: disable automatic formula execution in spreadsheet applications where possible, educate users to avoid opening CSV files from untrusted or unexpected sources, and employ endpoint protection solutions capable of detecting macro-based attacks. Network segmentation and access controls should limit authenticated user privileges to the minimum necessary to reduce the attack surface. Additionally, monitoring and alerting for unusual file downloads or macro execution events can help detect exploitation attempts early. Organizations should also review and harden their CSV export functionalities and consider alternative data formats less susceptible to formula injection. Finally, conducting user awareness training focused on recognizing suspicious CSV files and macro risks will reduce the likelihood of successful exploitation through social engineering.


Technical Details

Data Version: 5.1
Assigner Short Name: cisa-cg
Date Reserved: 2025-04-15T20:56:24.404Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 68dae7e1c05da5c004a4295c

Added to database: 9/29/2025, 8:11:13 PM

Last enriched: 9/29/2025, 8:12:28 PM

Last updated: 10/2/2025, 7:44:06 PM

