Misconfigured Content Security Policy in HCL Unica Platform
CVE-2025-31969

4MEDIUM

Key Information:

Vendor: HCL Software Software
Status: Unica Platform
Vendor: CVE Published:; 12 October 2025

🔔 Create HCL Software Software Vulnerability Alert

What is CVE-2025-31969?

The HCL Unica Platform is affected by a misconfigured Content Security Policy (CSP) that allows potentially harmful resources to be loaded. This vulnerability exposes users to various web-based attacks, including cross-site scripting (XSS) and clickjacking. Attackers could exploit these weakness to inject malicious scripts or hijack user sessions, compromising the integrity of the application and the confidentiality of user data. It is crucial to address this misconfiguration to enhance the security posture of the platform.

Affected Version(s)

Unica Platform <= 25.1

References

https://support.hcl-software.com/csm?id=kb_article&syspar...

CVSS V3.1

Score:

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Adjacent Network

Attack Complexity:

High

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 12, 2025
Vulnerability Reserved
Apr 1, 2025

JSON