CVE-2025-31997

MEDIUM

HCL Unica Centralized Offer Management < 25.1.0.1 - Insecure Direct Object Reference

Title source: llm

Description

HCL Unica Centralized Offer Management is vulnerable to Insecure Direct Object References (IDOR). An attacker can bypass authorization and access resources in the system directly, for example database records or files.

References (1)

Core 1

Core References

Vendor Advisory

https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0124422

Scores

CVSS v3 4.2

EPSS 0.0020

EPSS Percentile 10.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-639

Status published

Products (1)

hcltech/unica_centralized_offer_management < 25.1.0.1

Published Oct 12, 2025

Tracked Since Feb 18, 2026