HCL Unica Platform is impacted by misconfigured Content Security Policy...

4 / 10

MEDIUM

CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:L

Description

HCL Unica Platform is impacted by misconfigured Content Security Policy (CSP). These can result in malicious resources getting loaded and browsers may come across certain types of attacks, such as cross-site scripting and clickjacking.

Basic Information

ID CVE-2025-31969

Source HCL

Published Oct 12, 2025 at 07:37

Affected Product

Vendor HCL Software

Product Unica Platform

Version <= 25.1

Affected Versions HCL Software Unica Platform <= 25.1

CWE Classification

CWE-358

References

support.hcl-software.com /csm

{
    "lastseen": "",
    "description": "HCL Unica Platform is impacted by misconfigured Content Security Policy (CSP).  These can result in malicious resources getting loaded and browsers may come across certain types of attacks, such as cross-site scripting and clickjacking.",
    "published": "2025-10-12T07:37:24.785Z",
    "modified": "2025-10-12T07:37:24.785Z",
    "type": "cve",
    "title": "HCL Unica Platform is impacted by misconfigured Content Security Policy (CSP)",
    "source": "HCL",
    "references": "https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0124417",
    "id": "CVE-2025-31969",
    "bulletinFamily": "",
    "cwe": [
        "CWE-358"
    ],
    "cvelist": null,
    "sourceData": "HCL Software Unica Platform <= 25.1",
    "sourceHref": "",
    "cvss": {
        "score": 4,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:L",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Unica Platform",
    "version": "<= 25.1",
    "vendor": "HCL Software",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

HCL Unica Platform is impacted by misconfigured Content Security Policy (CSP)_CVE-2025-31969