Improper Input Validation in HCL Unica MaxAI Workbench
CVE-2025-31995

3.5LOW

Key Information:

Vendor: HCL Software Software
Status: Maxai Workbench
Vendor: CVE Published:; 13 October 2025

🔔 Create HCL Software Software Vulnerability Alert

What is CVE-2025-31995?

HCL Unica MaxAI Workbench exhibits a critical flaw due to improper input validation, enabling attackers to exploit this weakness through various means such as SQL Injection, Cross-Site Scripting (XSS), and command injection. These vulnerabilities pose significant risks, allowing unauthorized access to sensitive data and potentially leading to extensive data breaches. It is essential for users of the affected versions to implement effective security measures and apply the necessary patches to mitigate these risks.

Affected Version(s)

MaxAI Workbench v12.1.10 - v25.1

References

https://support.hcl-software.com/csm?id=kb_article&syspar...

CVSS V3.1

Score:

3.5

Severity:

LOW

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 13, 2025
Vulnerability Reserved
Apr 1, 2025

JSON