4 CVE-2025-31969

HCL Unica Platform is impacted by misconfigured Content Security Policy (CSP). These can result in malicious resources getting loaded and browsers may come across certain types of attacks, such as cross-site scripting and clickjacking.
https://nvd.nist.gov/vuln/detail/CVE-2025-31969

Categories

CWE-358 : Improperly Implemented Security Check for Standard
The product does not implement or incorrectly implements one or more security-relevant checks as specified by the design of a standardized algorithm, protocol, or technique. Browser does not verify Basic Constraints of a certificate, even though it is required, allowing spoofing of trusted certificates. Browser does not verify Basic Constraints of a certificate, even though it is required, allowing spoofing of trusted certificates. Browser does not verify Basic Constraints of a certificate, even though it is required, allowing spoofing of trusted certificates. Logic error prevents some required conditions from being enforced during Challenge-Response Authentication Mechanism with MD5 (CRAM-MD5). Shared secret not verified in a RADIUS response packet, allowing authentication bypass by spoofing server replies. Insufficient verification in VoIP implementation, in violation of standard, allows spoofed messages. Insufficient verification in VoIP implementation, in violation of standard, allows spoofed messages. Security check not applied to all components, allowing bypass.

References

 

CPE

cpe	start	end

---

REMEDIATION

---

---

EXPLOITS

---

Exploit-db.com

id	description	date
No known exploits

---

POC Github

Url
No known exploits

---

Other Nist (github, ...)

Url
No known exploits

---

CAPEC

---

Common Attack Pattern Enumerations and Classifications

id	description	severity
No entry

---