External risk intelligence

HCL Unica and Audience Central Boolean SQL Injection Vulnerability

CVE advisory

Severity: CRITICAL (CVSS 9.8)

CVE-2025-62319

A SQL injection vulnerability allows attackers to insert malicious SQL code into backend queries. This could enable unauthorized access or modification of sensitive data by manipulating application input fields. It is important to determine if this vulnerability is relevant and reachable within your environment.

Halo Surface Signal score: 4

Weakness: SQL Injection

Product: Hcltech Unica

Affected versions: before 25.1.1.0.1

External exposure likelihood

Halo Surface Signal score for CVE-2025-62319

The vulnerability affects HCL Unica and Audience Central, which are enterprise marketing automation and customer data platforms. These applications are typically deployed as web-based interfaces and services intended for use by multiple internal and external stakeholders, commonly resulting in a web-accessible deployment pattern that is reachable over a network.

PCI scan relevance

PCI Relevance for CVE-2025-62319

Yes

CVE-2025-62319 — Halo PCI Relevance: Yes. Under typical PCI ASV external scan criteria, this issue may be flagged for scan prioritization.

This SQL injection vulnerability allows attackers to manipulate backend queries, which is an automatic fail condition for PCI ASV scans.

Scan-prioritization guidance only; not a PCI DSS certification or ASV attestation.

Horizon Alert

Summary of the vulnerability and why it matters

This advisory addresses a critical vulnerability impacting HCL Unica and HCL Unica Audience Central, enabling attackers to inject malicious SQL code. This could allow them to manipulate backend queries, potentially leading to unauthorized access or modification of sensitive data. The main concern is confirming relevance and exposure within our environment.

  • Attackers can insert harmful code into applications.
  • High impact if exploited, leading to data compromise.
  • Confirm if our systems are affected and take action.

Attack Path

How an attacker could exploit the issue

An attacker can exploit this vulnerability by sending specially crafted input to an application that processes user-provided data. This input manipulates the application's backend database queries, allowing the attacker to potentially gain unauthorized access and control over the database, leading to significant data compromise and system disruption.

  • Requires only unauthenticated network access.
  • Injecting boolean conditions into input fields.
  • Unauthorized data access and system control.

Live Threat

Current exploitation, exposure, and threat context

According to the advisory, this vulnerability could allow an attacker to inject arbitrary SQL commands into backend queries, which could affect system data and service behavior.

  • Backend configuration data.
  • Injected SQL commands.
  • Unauthorized system access.

Priority actions

Operational Fix

Recommended remediation, mitigation, and detection steps

The presence of SQL injection vulnerabilities in HCL Unica and Unica Audience Central typically places ownership with the application or platform teams responsible for these marketing and data platforms. The initial practical step is to identify all instances of these products, confirm network reachability and business criticality, and then engage the accountable application owner to prioritize remediation based on the assessed risk.

  • Application owners should manage the vulnerability.
  • Verify network exposure and business impact.
  • Plan remediation with vendor coordination.
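The identification step above (find every installation, then confirm reachability and version) is easy to get wrong when versions are compared as strings. The following is an added example, not Halo's or HCL's code: it compares dotted-numeric version strings against the advisory's fixed version (25.1.1.0.1, so anything sorting before it is affected) and orders affected installations so internet-facing ones are handled first. The inventory records are constructed sample data, and the hostnames, the five-component padding rule and the `internet_facing` field are assumptions.

```python
"""Inventory triage for CVE-2025-62319 (added example; not the advisory's own tooling).

Assumptions (not from the advisory): installations are held as simple records,
versions are purely dotted-numeric, and an install is affected when its version
sorts before the first fixed version, 25.1.1.0.1.
"""
from dataclasses import dataclass

# First unaffected version, taken from the advisory ("before 25.1.1.0.1").
FIXED_VERSION = "25.1.1.0.1"
VERSION_COMPONENTS = 5  # assumption: pad shorter versions with zeros to this many parts

# Product names as they appear on the page; matching is case-insensitive below.
AFFECTED_PRODUCTS = {"hcl unica", "hcl unica audience central"}


def parse_version(version: str) -> tuple:
    """Turn '25.1' into (25, 1, 0, 0, 0) so tuples compare numerically, not lexically.

    Non-numeric components (hotfix tags, letters) raise ValueError so that such
    installs are reviewed by hand rather than silently classified.
    """
    parts = [int(p) for p in version.strip().split(".")]
    if not parts or len(parts) > VERSION_COMPONENTS:
        raise ValueError(f"unexpected version format: {version!r}")
    return tuple(parts + [0] * (VERSION_COMPONENTS - len(parts)))


def is_affected(version: str) -> bool:
    """True when the installed version is older than the first fixed version."""
    return parse_version(version) < parse_version(FIXED_VERSION)


@dataclass
class Installation:
    host: str
    product: str
    version: str
    internet_facing: bool  # assumption: populated from the exposure review


# Constructed sample inventory; none of these hosts exist.
SAMPLE_INVENTORY = [
    Installation("unica-prod-01.example.internal", "HCL Unica", "25.1.0", True),
    Installation("unica-dr-01.example.internal", "HCL Unica", "25.1.1.0.1", False),
    Installation("ac-01.example.internal", "HCL Unica Audience Central", "24.2", False),
    Installation("ac-02.example.internal", "HCL Unica Audience Central", "25.1.2", True),
    Installation("crm-01.example.internal", "Other CRM", "1.0", True),  # not in scope
]


def triage(inventory: list) -> list:
    """Return affected installations, internet-facing first, then by host name."""
    affected = [
        inst
        for inst in inventory
        if inst.product.lower() in AFFECTED_PRODUCTS and is_affected(inst.version)
    ]
    return sorted(affected, key=lambda inst: (not inst.internet_facing, inst.host))


if __name__ == "__main__":
    for inst in triage(SAMPLE_INVENTORY):
        exposure = "INTERNET-FACING" if inst.internet_facing else "internal"
        print(f"{inst.host:35} {inst.product:28} {inst.version:10} {exposure}")
```

Note that a plain string comparison would wrongly treat "25.1.2" as older than "25.1.1.0.1" because it is shorter; the tuple comparison avoids that, which is the reason to normalise versions before deciding who gets the first remediation ticket.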

Frequently asked questions

What is HCL Unica and Audience Central?

HCL Unica and HCL Unica Audience Central are enterprise software platforms used for marketing automation and managing customer data. They help organizations with campaign management, customer segmentation, and understanding customer behavior.

What is CVE-2025-62319's weakness?

CVE-2025-62319 is a Boolean-Based SQL Injection vulnerability. This means an attacker can insert specific commands into the software's input fields that trick the database into revealing information or executing unintended actions based on true/false conditions.
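The true/false mechanism described above is easiest to see side by side. The following is an added example and not HCL Unica code: it builds a throwaway SQLite table, implements the same lookup twice (once by string concatenation, once with a bound parameter) and includes a check that reports whether a query's result depends on an injected true-or-false condition. That check is the kind of regression test a fix should pass: it returns True for the concatenated version and False for the parameterised one. The table, its rows and the two lookup functions are constructed for the example.

```python
"""Boolean-based SQL injection, vulnerable pattern beside its fix (added example).

Nothing here is taken from HCL Unica; the table and rows are constructed so the
example runs offline against an in-memory SQLite database.
"""
import sqlite3
from typing import Callable, List, Tuple


def make_db() -> sqlite3.Connection:
    """Constructed sample data: a small 'audiences' table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE audiences (id INTEGER PRIMARY KEY, name TEXT, owner TEXT)")
    conn.executemany(
        "INSERT INTO audiences (name, owner) VALUES (?, ?)",
        [("Spring Campaign", "marketing"), ("Lapsed Buyers", "analytics"), ("VIP", "sales")],
    )
    conn.commit()
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, name: str) -> List[Tuple[int, str]]:
    """DELIBERATELY UNSAFE: the input is spliced into the SQL text, so any quote
    in it ends the string literal and the rest becomes part of the WHERE clause."""
    sql = "SELECT id, name FROM audiences WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn: sqlite3.Connection, name: str) -> List[Tuple[int, str]]:
    """The fix: a bound parameter is always treated as data, never as SQL."""
    return conn.execute("SELECT id, name FROM audiences WHERE name = ?", (name,)).fetchall()


def result_depends_on_injected_condition(
    conn: sqlite3.Connection, lookup: Callable[[sqlite3.Connection, str], list]
) -> bool:
    """Regression check for a lookup function.

    Sends the same non-existent name with an appended always-true and an
    always-false condition. A correctly parameterised query returns the same
    (empty) result for both; a concatenating query answers differently, which
    is exactly the true/false oracle a Boolean-based injection relies on.
    """
    base = "no-such-audience"
    with_true = lookup(conn, base + "' OR 1=1 --")
    with_false = lookup(conn, base + "' OR 1=2 --")
    return with_true != with_false


if __name__ == "__main__":
    db = make_db()
    print("normal lookup:", lookup_safe(db, "VIP"))
    for label, fn in (("concatenated", lookup_vulnerable), ("parameterised", lookup_safe)):
        leaks = result_depends_on_injected_condition(db, fn)
        print(f"{label:14} result depends on injected condition: {leaks}")
```

The check is deliberately written against a function rather than a URL: it belongs in the application's own test suite, where it fails the build if someone reintroduces string concatenation into a query.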

How can an attacker exploit this HCL Unica vulnerability?

An attacker can exploit this by sending specially crafted data to the application over the network. This data is designed to inject Boolean conditions into the application's database queries, potentially allowing the attacker to manipulate backend configurations.

Who should be concerned about CVE-2025-62319?

Organizations using HCL Unica or Audience Central, especially those with internet-facing deployments, should be concerned. The Halo Surface Signal indicates these platforms are often web-accessible, increasing the risk of external attacks.

What's the first step to address this threat?

The initial step is for application or platform teams to identify all installations of HCL Unica and Audience Central. They should then confirm if these systems are accessible over the network and engage with the responsible application owners to plan remediation.
