Improper Authentication and CSRF Vulnerability in HCL BigFix IVR
CVE-2025-31963

2.9 LOW

Key Information:

Vendor:
CVE Published: 7 January 2026

What is CVE-2025-31963?

A local security flaw in HCL BigFix IVR version 4.2 exists due to improper authentication and allows a local attacker to make unauthorized configuration changes. The flaw arises from a lack of Cross-Site Request Forgery (CSRF) protection in the local setup interface, so administrative configuration requests can be submitted without the proper credentials. This could lead to significant security breaches if exploited.
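The record describes the missing control but not what an effective one looks like. The following is an added, generic example (not HCL's code, and not derived from BigFix IVR) of how a setup interface can refuse configuration changes that arrive without proof they were issued by its own pages: the request must be a state-changing method, carry an authenticated session, come from a trusted Origin, and include a per-session anti-CSRF token that matches the one the server issued. The trusted origin, the dict-based request representation and the `setting` field are assumptions chosen for the demonstration.

```python
import hmac
import secrets
from urllib.parse import urlsplit

# Origins the setup interface is served from (constructed placeholder value).
TRUSTED_ORIGINS = {"http://localhost:8080"}

STATE_CHANGING = {"POST", "PUT", "PATCH", "DELETE"}


def issue_csrf_token(session: dict) -> str:
    """Bind a fresh unguessable token to the server-side session and
    return it so the page can embed it in its configuration form."""
    token = secrets.token_urlsafe(32)
    session["csrf_token"] = token
    return token


def _origin_ok(headers: dict) -> bool:
    """Accept only requests whose Origin (or, failing that, Referer)
    names a trusted origin. No origin information at all is a refusal."""
    origin = headers.get("Origin")
    if origin is None:
        referer = headers.get("Referer")
        if referer is None:
            return False
        parts = urlsplit(referer)
        origin = f"{parts.scheme}://{parts.netloc}"
    return origin in TRUSTED_ORIGINS


def authorize_config_change(method: str, headers: dict, form: dict, session: dict) -> bool:
    """Decide whether a configuration-changing request may proceed.

    Four independent checks must all pass: a state-changing method, an
    authenticated session, a trusted Origin, and a form token equal to the
    token bound to that session (compared in constant time).
    """
    if method.upper() not in STATE_CHANGING:
        return False  # configuration changes never ride on GET
    if not session.get("authenticated"):
        return False
    if not _origin_ok(headers):
        return False
    expected = session.get("csrf_token", "")
    supplied = form.get("csrf_token", "")
    if not expected or not supplied:
        return False
    return hmac.compare_digest(expected.encode("utf-8"), supplied.encode("utf-8"))


def demo() -> dict:
    """Run the check against constructed requests and report each outcome."""
    session = {"authenticated": True}
    token = issue_csrf_token(session)
    same_origin = {"Origin": "http://localhost:8080"}
    foreign_origin = {"Origin": "http://attacker.invalid"}  # constructed
    return {
        # The interface's own form: correct method, origin and token.
        "legitimate": authorize_config_change(
            "POST", same_origin, {"csrf_token": token, "setting": "x"}, session),
        # Classic CSRF: the browser attached the session, but the request
        # came from another origin and carries no token.
        "cross_site": authorize_config_change(
            "POST", foreign_origin, {"setting": "x"}, session),
        # Correct origin but the token is missing: still refused.
        "token_missing": authorize_config_change(
            "POST", same_origin, {"setting": "x"}, session),
        # Correct origin but a guessed token: still refused.
        "token_wrong": authorize_config_change(
            "POST", same_origin, {"csrf_token": "guess", "setting": "x"}, session),
        # Referer fallback from a trusted page is accepted.
        "referer_ok": authorize_config_change(
            "POST", {"Referer": "http://localhost:8080/setup"}, {"csrf_token": token}, session),
        # Everything right except the method: GET must not change state.
        "get_attempt": authorize_config_change(
            "GET", same_origin, {"csrf_token": token}, session),
    }


if __name__ == "__main__":
    for name, allowed in demo().items():
        print(f"{name:14s} -> {'allowed' if allowed else 'refused'}")
```

The token check is what specifically closes the CSRF gap: a browser will attach cookies to a cross-site request automatically, but it cannot read the token out of the legitimate page, so a request lacking it is refused even when the session is valid. The Origin check is a second, independent layer that also catches forms submitted from untrusted pages.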

Affected Version(s)

BigFix IVR 4.2

References

CVSS V3.1

Score: 2.9
Severity: LOW
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Local
Attack Complexity: High
Privileges Required: High
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability reserved