CVE-2025-31963

Publication date

2026-01-07 07:05:40

Family

HCL

State

PUBLISHED

Description

Improper authentication and missing CSRF protection in the local setup interface component in HCL BigFix IVR version 4.2 allows a local attacker to perform unauthorized configuration changes via unauthenticated administrative configuration requests.