Security Vulnerability Report
CVE-2025-59851 CVSS 3.7 LOW

Published: 2026-05-06 11:16:04
Last Modified: 2026-05-07 20:04:11

Description

HCL DFXAnalytics is affected by a Using Components with Known Vulnerabilities flaw where the application utilizes unpatched libraries or sub-components, which could allow an attacker to identify and exploit publicly known security vulnerabilities to gain unauthorized access or compromise the application.

CVSS Details

CVSS Score: 3.7
Severity: LOW
CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Configurations (Affected Products)

cpe:2.3:a:hcltech:dfxanalytics:*:*:*:*:*:*:*:* - VULNERABLE
HCL DFXAnalytics < official fixed version (see KB0130569 for details)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import requests

# Conceptual PoC for CVE-2025-59851
# This script checks if the target application reveals usage of a specific vulnerable component version.
target_url = "http://target-host:port/dfxanalytics"

# Placeholder for the specific vulnerable library signature (e.g., specific header or file response)
vulnerable_signature = "VulnerableComponentVersion=X.X.X"

try:
    response = requests.get(target_url, timeout=10)

    # Check HTTP headers or body for indicators of the vulnerable component
    if vulnerable_signature in response.headers.get("Server", "") or vulnerable_signature in response.text:
        print("[+] Potential vulnerability detected: Application appears to use the known vulnerable component.")
    else:
        print("[-] Vulnerable component signature not detected in immediate response.")
        print("[!] Manual verification of dependency libraries is recommended.")
except requests.RequestException as e:
    print(f"Error connecting to target: {e}")

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-59851", "sourceIdentifier": "[email protected]", "published": "2026-05-06T11:16:04.440", "lastModified": "2026-05-07T20:04:10.620", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "HCL DFXAnalytics is affected by a Using Components with Known Vulnerabilities flaw where the application utilizes unpatched libraries or sub-components, which could allow an attacker to identify and exploit publicly known security vulnerabilities to gain unauthorized access or compromise the application."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "baseScore": 3.7, "baseSeverity": "LOW", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.2, "impactScore": 1.4}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:hcltech:dfxanalytics:*:*:*:*:*:*:*:*", "versionEndExcluding": "4.1", "matchCriteriaId": "EBC416E1-5496-4734-AE0E-8AA575A69D18"}]}]}], "references": [{"url": "https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0130569", 
"source": "[email protected]", "tags": ["Vendor Advisory"]}]}}