PT-2026-1576 · HCL · HCL BigFix IVR
Published: 2026-01-07 · Updated: 2026-01-22 · CVE-2025-31963
CVSS v3.1: 3.3 (Low)
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions
HCL BigFix IVR version 4.2
Description
The local setup interface component suffers from improper authentication and a lack of CSRF protection. This allows a local attacker to make unauthorized configuration changes by sending unauthenticated administrative configuration requests.
Recommendations
Apply updates to address the authentication and CSRF protection issues in the local setup interface component.
Fix
CSRF
Missing Authentication
Affected Products
HCL BigFix IVR