Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-31970

Summary
Assigner-HCL
Assigner Org ID-1e47fe04-f25f-42fa-b674-36de2c5e3cfc
Published At-06 May, 2026 | 10:22
Updated At-06 May, 2026 | 10:22
Rejected At-
Credits

HCL DFXAnalytics is affected by an Insecure Security Header configuration vulnerability

HCL DFXAnalytics is affected by an Insecure Security Header configuration vulnerability where the Content-Security-Policy does not define strict directives for object-src and base-uri, which could allow an attacker to exploit injection vectors such as Cross-Site Scripting (XSS)

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:HCL
Assigner Org ID:1e47fe04-f25f-42fa-b674-36de2c5e3cfc
Published At:06 May, 2026 | 10:22
Updated At:06 May, 2026 | 10:22
Rejected At:
▼CVE Numbering Authority (CNA)
HCL DFXAnalytics is affected by an Insecure Security Header configuration vulnerability

HCL DFXAnalytics is affected by an Insecure Security Header configuration vulnerability where the Content-Security-Policy does not define strict directives for object-src and base-uri, which could allow an attacker to exploit injection vectors such as Cross-Site Scripting (XSS)

Affected Products
Vendor
HCL Technologies Ltd.HCL
Product
DFXAnalytics
Default Status
unaffected
Versions
Affected
  • 3.1 and below
Problem Types
TypeCWE IDDescription
CWECWE-358CWE-358: Improperly Implemented Security Check for Standard
Type: CWE
CWE ID: CWE-358
Description: CWE-358: Improperly Implemented Security Check for Standard
Metrics
VersionBase scoreBase severityVector
3.15.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Version: 3.1
Base score: 5.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0130569
N/A
Hyperlink: https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0130569
Resource: N/A
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:psirt@hcl.com
Published At:06 May, 2026 | 11:16
Updated At:06 May, 2026 | 19:05

HCL DFXAnalytics is affected by an Insecure Security Header configuration vulnerability where the Content-Security-Policy does not define strict directives for object-src and base-uri, which could allow an attacker to exploit injection vectors such as Cross-Site Scripting (XSS)

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.15.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Type: Secondary
Version: 3.1
Base score: 5.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-358Secondarypsirt@hcl.com
CWE ID: CWE-358
Type: Secondary
Source: psirt@hcl.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0130569psirt@hcl.com
N/A
Hyperlink: https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0130569
Source: psirt@hcl.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

7Records found
CVE-2025-31960
Matching Score-8
Assigner-HCL Software
ShareView Details
Matching Score-8
Assigner-HCL Software
CVSS Score-5.3||MEDIUM
EPSS-Not Assigned
Published-06 May, 2026 | 18:02
Updated-06 May, 2026 | 19:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
HCL BigFix Service Management (SM) is vulnerable to information exposure due to improper error handling within its reporting module

HCL BigFix Service Management (SM) is vulnerable to information exposure due to improper error handling within its reporting module. It was observed that supplying an invalid or out-of-range value to the consumer_company parameter during a report-viewing request causes the application to trigger an unhandled exception.

Action-Not Available
Vendor-HCL Technologies Ltd.
Product-BigFix Service Management (SM)
CWE ID-CWE-209
Generation of Error Message Containing Sensitive Information
CVE-2025-55272
Matching Score-8
Assigner-HCL Software
ShareView Details
Matching Score-8
Assigner-HCL Software
CVSS Score-3.1||LOW
EPSS-0.01% / 1.44%
||
7 Day CHG~0.00%
Published-26 Mar, 2026 | 12:55
Updated-26 Mar, 2026 | 19:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
HCL Aftermarket DPC is affected by Banner Disclosure vulnerability

HCL Aftermarket DPC is affected by Banner Disclosure vulnerability where attackers gain insights into the system’s software and version details which would allow them to craft software specific attacks.

Action-Not Available
Vendor-HCL Technologies Ltd.
Product-aftermarket_cloudAftermarket DPC
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2025-55276
Matching Score-8
Assigner-HCL Software
ShareView Details
Matching Score-8
Assigner-HCL Software
CVSS Score-3.1||LOW
EPSS-0.01% / 1.44%
||
7 Day CHG~0.00%
Published-26 Mar, 2026 | 12:46
Updated-26 Mar, 2026 | 20:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
HCL Aftermarket DPC is affected by Internal IP Disclosure vulnerability

HCL Aftermarket DPC is affected by Internal IP Disclosure vulnerability will give attackers a clearer map of the organization’s network layout.

Action-Not Available
Vendor-HCL Technologies Ltd.
Product-aftermarket_cloudAftermarket DPC
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2025-52641
Matching Score-8
Assigner-HCL Software
ShareView Details
Matching Score-8
Assigner-HCL Software
CVSS Score-2.9||LOW
EPSS-0.03% / 6.88%
||
7 Day CHG+0.01%
Published-15 Apr, 2026 | 08:47
Updated-01 May, 2026 | 12:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Internal Filesystem Exploration vulnerability

HCL AION is affected by a vulnerability where certain system behaviours may allow exploration of internal filesystem structures. Exposure of such information may provide insights into the underlying environment, which could potentially aid in further targeted actions or limited information disclosure.

Action-Not Available
Vendor-HCL Technologies Ltd.
Product-aionAION
CWE ID-CWE-209
Generation of Error Message Containing Sensitive Information
CVE-2025-52649
Matching Score-8
Assigner-HCL Software
ShareView Details
Matching Score-8
Assigner-HCL Software
CVSS Score-1.8||LOW
EPSS-0.03% / 7.49%
||
7 Day CHG~0.00%
Published-16 Mar, 2026 | 14:36
Updated-25 Apr, 2026 | 18:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
HCL AION is affected by a vulnerability where certain identifiers may be predictable in nature

HCL AION is affected by a vulnerability where certain identifiers may be predictable in nature. Predictable identifiers may allow an attacker to infer or guess system-generated values, potentially leading to limited information disclosure or unintended access under specific conditions.

Action-Not Available
Vendor-HCL Technologies Ltd.
Product-aionAION
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2025-52646
Matching Score-8
Assigner-HCL Software
ShareView Details
Matching Score-8
Assigner-HCL Software
CVSS Score-2.2||LOW
EPSS-0.03% / 10.03%
||
7 Day CHG~0.00%
Published-16 Mar, 2026 | 14:42
Updated-28 Apr, 2026 | 21:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
HCL AION is affected by a vulnerability where certain offering configurations may permit execution of potentially harmful SQL queries.

HCL AION is affected by a vulnerability where certain offering configurations may permit execution of potentially harmful SQL queries. Improper validation or restrictions on query execution could expose the system to unintended database interactions or limited information exposure under specific conditions.

Action-Not Available
Vendor-HCL Technologies Ltd.
Product-aionAION
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-31983
Matching Score-6
Assigner-HCL Software
ShareView Details
Matching Score-6
Assigner-HCL Software
CVSS Score-3.7||LOW
EPSS-Not Assigned
Published-06 May, 2026 | 13:40
Updated-06 May, 2026 | 23:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
HCL BigFix Service Management (SM) is affected by a security misconfiguration vulnerability due to CSP header

HCL BigFix Service Management (SM) is affected by a security misconfiguration vulnerability due to CSP header. This could allow attackers to inject malicious scripts increasing the risk of cross-site scripting (XSS) and potential exposure of sensitive information.

Action-Not Available
Vendor-HCL Technologies Ltd.
Product-bigfix_service_managementBigFix Service Management (SM)
CWE ID-CWE-358
Improperly Implemented Security Check for Standard
Details not found