Platform: other
Component: unica
Fixed in: 25.1.2
CVE-2025-62319 describes a critical Boolean-Based SQL Injection vulnerability discovered in Unica. This vulnerability allows attackers to manipulate SQL queries by injecting Boolean conditions, leading to potential data breaches and system compromise. The vulnerability impacts Unica versions 25.1.1 and below, and a patch is expected to be released by the vendor.
The SQL Injection vulnerability in Unica allows attackers to bypass security controls and directly interact with the underlying database. Exploitation can lead to unauthorized access to sensitive data, including customer information, financial records, and proprietary business data. An attacker could also modify database content, leading to data corruption or denial of service. The Boolean-based nature of the injection means that the attacker doesn't receive direct error messages, making it a stealthier attack. Successful exploitation could result in significant reputational damage and regulatory fines.
CVE-2025-62319 was publicly disclosed on 2026-03-16. The vulnerability's criticality (CVSS 9.8) indicates a high probability of exploitation. Public proof-of-concept (POC) code is currently unavailable, but the Boolean-based SQL injection technique is well-understood and readily exploitable by skilled attackers. Monitor security advisories and threat intelligence feeds for any indications of active exploitation campaigns.
Exploit Status
EPSS: 0.04% (12th percentile)
The primary mitigation for CVE-2025-62319 is to upgrade to a patched version of Unica as soon as it becomes available. Until a patch is applied, consider implementing temporary workarounds such as input validation and sanitization on all user-supplied data. Web Application Firewalls (WAFs) configured with rules to detect and block SQL injection attempts can provide an additional layer of defense. Monitor application logs for suspicious SQL queries and unusual database activity.
Update to a version later than 25.1.1. See the HCL knowledge base article for more details and specific upgrade instructions.
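The log monitoring recommended above can key on what makes Boolean-based injection distinctive: repeated conditions in one parameter whose responses differ in size rather than in error text. The following is an added example, not code from the vendor or the original page; the log format, paths and parameter names are constructed placeholders, not real Unica endpoints.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

# Constructed sample access-log lines: client, request, status, response bytes.
# Paths and parameter names are placeholders, not real Unica endpoints.
SAMPLE_LOG = """\
10.0.0.5 "GET /app/report?id=42 HTTP/1.1" 200 5120
10.0.0.7 "GET /app/report?id=42%20AND%201%3D1 HTTP/1.1" 200 5120
10.0.0.7 "GET /app/report?id=42%20AND%201%3D2 HTTP/1.1" 200 812
10.0.0.7 "GET /app/report?id=42%20AND%20LENGTH(name)%3E5 HTTP/1.1" 200 5120
10.0.0.9 "GET /app/search?q=salt%20and%20pepper HTTP/1.1" 200 2048
"""

LINE_RE = re.compile(r'^(\S+) "GET (\S+) HTTP/[\d.]+" (\d{3}) (\d+)$')
# A boolean operator followed by a comparison: the shape of an injected condition.
BOOL_RE = re.compile(r"(?i)\b(?:and|or)\b[\s(]+[^&]*?(?:=|<|>|\blike\b)")


def find_boolean_probing(log_text, min_probes=2):
    """Return {(client, path, param): distinct response sizes} for suspected probing."""
    probes = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the assumed format
        client, target, _status, size = m.groups()
        url = urlsplit(target)
        for name, value in parse_qsl(url.query):  # parse_qsl URL-decodes values
            if BOOL_RE.search(value):
                probes[(client, url.path, name)].append(int(size))
    # Boolean-based injection infers data from the difference between responses,
    # so require repeated probes that produced more than one response size.
    return {
        key: sorted(set(sizes))
        for key, sizes in probes.items()
        if len(sizes) >= min_probes and len(set(sizes)) > 1
    }


if __name__ == "__main__":
    for (client, path, param), sizes in find_boolean_probing(SAMPLE_LOG).items():
        print(f"suspected boolean probing: {client} {path} param={param} sizes={sizes}")
```

This is a triage heuristic: it only sees GET query strings, so POST bodies and headers need the same check applied to whatever the application or database audit log records.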
CVE-2025-62319 is a critical SQL Injection vulnerability affecting Unica versions 25.1.1 and below, allowing attackers to manipulate SQL queries and potentially access sensitive data.
If you are using Unica version 25.1.1 or earlier, you are potentially affected by this vulnerability. Check your version and apply the available patch as soon as possible.
The recommended fix is to upgrade to a patched version of Unica. Monitor the vendor's website for the availability of the patch.
While no active exploitation has been confirmed, the high CVSS score and the well-understood nature of SQL injection suggest a high probability of exploitation.
Refer to the official Unica security advisories on the vendor's website for the latest information and patch details.