CVE-2025-31966

CVSS v3.1

2.7

Vector

AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N

HCL Sametime is vulnerable to broken server-side validation. While the application performs client-side input checks, these are not enforced by the web server. An attacker can bypass these restrictions by sending manipulated HTTP requests directly to the server.

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

CVE-2025-31966

Affected Products

Sametime

CVE-2025-31966

Weakness Enumeration

Related Identifiers

Affected Products

References · 2