CVE-2025-51735: n/a
CSV formula injection vulnerability in HCL Technologies Ltd. Unica 12.0.0.
AI Analysis
Technical Summary
CVE-2025-51735 identifies a CSV formula injection vulnerability in HCL Technologies Ltd. Unica version 12.0.0. CSV formula injection occurs when untrusted data is embedded into CSV files without proper sanitization or escaping, allowing attackers to insert malicious spreadsheet formulas (e.g., starting with '=', '+', '-', or '@'). When a user opens such a CSV file in spreadsheet software like Microsoft Excel or LibreOffice Calc, these formulas can execute, potentially leading to arbitrary code execution, data exfiltration, or manipulation. This vulnerability is particularly relevant in environments where CSV exports are generated from user-supplied data or external sources, such as marketing automation platforms like Unica. Although no public exploits are currently known, the risk remains significant due to the common use of CSV exports and the ease with which attackers can craft malicious payloads. The lack of a CVSS score indicates that detailed impact metrics are not yet available, but the nature of formula injection suggests a moderate threat level. The vulnerability was reserved in June 2025 and published in November 2025, indicating recent discovery. No patches or mitigations have been officially released yet, requiring organizations to implement interim controls. The vulnerability primarily impacts confidentiality and integrity by enabling unauthorized data manipulation and potential execution of commands via spreadsheet macros or formulas. Exploitation requires user interaction (opening the CSV file), but no authentication is needed to craft malicious CSV files, making social engineering a likely attack vector.
Potential Impact
For European organizations, especially those using HCL Unica 12.0.0 for campaign management and marketing automation, this vulnerability could lead to significant data integrity issues and potential exposure of sensitive marketing data. Attackers could manipulate exported CSV data to execute malicious formulas, potentially leading to unauthorized access to internal systems or data leakage when users open infected files. This could disrupt marketing operations, damage organizational reputation, and lead to compliance issues under GDPR if personal data is compromised. The impact is heightened in sectors with heavy reliance on data exports and analysis, such as finance, retail, and telecommunications. Since exploitation requires user interaction, phishing or social engineering campaigns could be used to deliver malicious CSV files to targeted employees. The absence of known exploits suggests the threat is currently theoretical but could become practical once attackers develop payloads. Organizations lacking strict input validation or user training are at higher risk. The vulnerability does not directly affect availability but can indirectly cause operational disruptions through data corruption or loss of trust in exported reports.
Mitigation Recommendations
European organizations should implement multiple layers of defense to mitigate this vulnerability. First, sanitize and validate all user inputs or external data before embedding them into CSV exports, escaping or removing characters that trigger formula execution ('=', '+', '-', '@'). Second, configure spreadsheet software to disable automatic formula calculation or enable 'Protected View' for files originating from untrusted sources. Third, educate users about the risks of opening CSV files from unknown or untrusted origins, emphasizing caution with email attachments and downloads. Fourth, monitor for updates and patches from HCL Technologies and apply them promptly once available. Fifth, consider implementing data loss prevention (DLP) solutions to detect and block suspicious CSV files containing formulas. Finally, review and harden email filtering and endpoint security controls to reduce the risk of phishing campaigns delivering malicious CSV files. These steps go beyond generic advice by focusing on both technical controls and user awareness specific to CSV formula injection in the Unica context.
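The first and fifth recommendations above (neutralizing trigger characters at export time, and scanning exports for cells that would still be evaluated) can be implemented together. The following is an added example, not code from HCL Unica or from the advisory; the trigger set extends the advisory's four characters with tab and carriage return, which Excel also honours, and the sample rows are constructed.

```python
import csv
import io

# Leading characters that spreadsheet applications read as the start of a
# formula. '=', '+', '-' and '@' are the ones the advisory names; tab and
# carriage return are included because Excel honours them as triggers too.
FORMULA_TRIGGERS = ("=", "+", "-", "@", "\t", "\r")

def _is_plain_number(cell):
    """'-5' or '+44' is an ordinary number, not a formula; keep it as-is."""
    try:
        float(cell)
        return True
    except ValueError:
        return False

def is_formula_like(cell):
    """Would this cell be evaluated as a formula when the file is opened?"""
    body = cell.lstrip(" ")  # leading spaces stripped: conservative over-approximation
    return body.startswith(FORMULA_TRIGGERS) and not _is_plain_number(body)

def neutralize(cell):
    """Prefix an apostrophe so the cell is read as literal text; value is kept."""
    return "'" + cell if is_formula_like(cell) else cell

def export_rows(rows):
    """Serialize rows to CSV text with every cell neutralized and quoted."""
    buf = io.StringIO()
    writer = csv.writer(buf, quoting=csv.QUOTE_ALL, lineterminator="\n")
    for row in rows:
        writer.writerow([neutralize(str(c)) for c in row])
    return buf.getvalue()

def scan_export(csv_text):
    """Detection hook (export review or DLP): (row, col, value) of formula-like cells."""
    hits = []
    for r, row in enumerate(csv.reader(io.StringIO(csv_text))):
        for c, cell in enumerate(row):
            if is_formula_like(cell):
                hits.append((r, c, cell))
    return hits

if __name__ == "__main__":
    # Constructed sample rows standing in for a contact export; the third
    # row's name field is formula-like and must be neutralized.
    sample = [["name", "phone"], ["Alice Example", "+44 20 0000 0000"],
              ["=SUM(1,2)", "-5"]]
    print(export_rows(sample))
```

Non-numeric values that start with '+' or '-' (such as international phone numbers) are also prefixed and will open as text, which is the intended trade-off; `scan_export` over an export produced by `export_rows` returns no hits.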
Affected Countries
Germany, United Kingdom, France, Netherlands, Italy
Technical Details
- Data Version: 5.2
- Assigner Short Name: mitre
- Date Reserved: 2025-06-16T00:00:00.000Z
- CVSS Version: null
- State: PUBLISHED
Threat ID: 6929b3fd4121026312a8f96f
Added to database: 11/28/2025, 2:38:53 PM
Last enriched: 11/28/2025, 2:55:13 PM
Last updated: 12/3/2025, 7:42:41 AM