CVE-2025-55745: UnoPim has CSV Injection on Quick Export feature
Description:
CSV Injection, also called Formula Injection, is a security vulnerability that occurs when malicious content is inserted into a CSV (Comma-Separated Values) file that is then opened in a spreadsheet application such as Microsoft Excel. The attack exploits the way spreadsheet software automatically interprets certain text patterns as formulas or commands rather than as plain text.
References
- drive.proton.me/urls/3TP1QEMXNC
- github.com/advisories/GHSA-74rg-6f92-g6wx
- github.com/unopim/unopim
- github.com/unopim/unopim/commit/8325b78567411ad78d44c0385f192360e608ff71
- github.com/unopim/unopim/commit/b25db9496fc147842a519d1dd42ec03c3bf00a34
- github.com/unopim/unopim/security/advisories/GHSA-74rg-6f92-g6wx
- nvd.nist.gov/vuln/detail/CVE-2025-55745