CVE-2025-31963

Summary

Improper authentication and missing CSRF protection in the local setup interface component in HCL BigFix IVR version 4.2 allows a local attacker to perform unauthorized configuration changes via unauthenticated administrative configuration requests.

Affected Software

VendorProductVersion RangeStatus
HCLSoftwareBigFix IVR4.2affected

Weaknesses

  • CWE-306: CWE-306 Missing Authentication for Critical Function
  • CWE-352: CWE-352 Cross-Site Request Forgery (CSRF)

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References