{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2025-31969","assignerOrgId":"1e47fe04-f25f-42fa-b674-36de2c5e3cfc","state":"PUBLISHED","assignerShortName":"HCL","dateReserved":"2025-04-01T18:46:23.152Z","datePublished":"2025-10-12T07:37:24.785Z","dateUpdated":"2025-10-14T14:06:18.566Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"Unica Platform","vendor":"HCL Software","versions":[{"status":"affected","version":"<= 25.1"}]}],"datePublic":"2025-10-12T06:00:00.000Z","descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"HCL Unica Platform is impacted by misconfigured Content Security Policy (CSP).  These can result in malicious resources getting loaded and browsers may come across certain types of attacks, such as cross-site scripting and clickjacking.<br>"}],"value":"HCL Unica Platform is impacted by misconfigured Content Security Policy (CSP).  These can result in malicious resources getting loaded and browsers may come across certain types of attacks, such as cross-site scripting and clickjacking."}],"metrics":[{"cvssV3_1":{"attackComplexity":"HIGH","attackVector":"ADJACENT_NETWORK","availabilityImpact":"LOW","baseScore":4,"baseSeverity":"MEDIUM","confidentialityImpact":"LOW","integrityImpact":"NONE","privilegesRequired":"HIGH","scope":"CHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:L","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-358","description":"CWE-358  Improperly Implemented Security Check for Standard","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"1e47fe04-f25f-42fa-b674-36de2c5e3cfc","shortName":"HCL","dateUpdated":"2025-10-12T07:37:24.785Z"},"references":[{"url":"https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0124417"}],"source":{"discovery":"UNKNOWN"},"title":"HCL Unica Platform is impacted by misconfigured Content Security Policy (CSP)","x_generator":{"engine":"Vulnogram 0.2.0"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-10-14T13:29:03.592166Z","id":"CVE-2025-31969","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-10-14T14:06:18.566Z"}}]}}