Server-Side Request Forgery in HCL Unica Centralized Offer Management
CVE-2025-31993

3.5LOW

Key Information:

Vendor: HCL Software Software
Status: Unica Centralized Offer Management
Vendor: CVE Published:; 12 October 2025

🔔 Create HCL Software Software Vulnerability Alert

What is CVE-2025-31993?

HCL Unica Centralized Offer Management is susceptible to a Server-Side Request Forgery (SSRF) due to inadequate input validation. Attackers may leverage this vulnerability by crafting malicious inputs, which allows them to interact with unintended server-level resources. Proper security measures and input handling should be implemented to mitigate such risks.

Affected Version(s)

Unica Centralized Offer Management <=25.1

References

https://support.hcl-software.com/csm?id=kb_article&syspar...

CVSS V3.1

Score:

3.5

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 12, 2025
Vulnerability Reserved
Apr 1, 2025

JSON