CVE-2025-31970

Summary

HCL DFXAnalytics is affected by an Insecure Security Header configuration vulnerability where the Content-Security-Policy does not define strict directives for object-src and base-uri, which could allow an attacker to exploit injection vectors such as Cross-Site Scripting (XSS)

Affected Software

VendorProductVersion RangeStatus
HCLDFXAnalytics3.1 and belowaffected

Weaknesses

  • CWE-358: CWE-358: Improperly Implemented Security Check for Standard

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References