CVE-2025-31997 MEDIUM

CVE-2025-31997: HCL Unica Centralized Offer Management is vulnerable to Insecure Direct Object References (IDOR)

Vendor Hcl Software
Product Unica Centralized Offer Management
Weakness CWE-639 · IDOR
Published October 12, 2025
Last update October 14, 2025

CVSS base score

4.2/10
Attack vector Network
Attack complexity High
Privileges required High
User interaction Required
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

HCL Unica Centralized Offer Management is vulnerable to Insecure Direct Object References (IDOR). An attacker can bypass authorization and access resources in the system directly, for example database records or files.

Key dates

02Disclosure timeline

October 12, 2025 CVE published
October 14, 2025 Record updated