CVE-2025-31970: HCL DFXAnalytics is affected by an Insecure Security Header configuration vulnerability

Q: What is the severity of CVE-2025-31970?

CVE-2025-31970 has a medium severity level due to its potential impact on application security.

Q: How do I fix CVE-2025-31970?

To fix CVE-2025-31970, you should configure the Content-Security-Policy to include strict directives for object-src and base-uri.

Q: Which software is affected by CVE-2025-31970?

CVE-2025-31970 affects HCL DFXAnalytics due to its insecure security header configuration.

Q: What types of attacks could exploit CVE-2025-31970?

CVE-2025-31970 could allow attacks such as cross-site scripting or unauthorized resource access due to weak security policies.

Q: Is CVE-2025-31970 a known vulnerability?

Yes, CVE-2025-31970 is a recognized vulnerability documented in security databases.

Published May 6, 2026

Updated

HCL DFXAnalytics is affected by an Insecure Security Header configuration vulnerability where the Content-Security-Policy does not define strict directives for object-src and base-uri, which could allow an attacker to exploit injection vectors such as Cross-Site Scripting (XSS)

Affected Software

2 affected components

HCL DFXAnalytics

hcltech Dfxanalytics<4.1

Event History

May 6, 2026

CVE Published

via MITRE·10:22 AM

Data Sourced

via MITRE·10:22 AM

DescriptionSeverityWeakness

Data Sourced

via NVD·11:16 AM

DescriptionSeverityWeaknessAffected Software

Jun 20, 58318

Event

via NVD·09:44 AM

Frequently Asked Questions

What is the severity of CVE-2025-31970?

CVE-2025-31970 has a medium severity level due to its potential impact on application security.

How do I fix CVE-2025-31970?

To fix CVE-2025-31970, you should configure the Content-Security-Policy to include strict directives for object-src and base-uri.

Which software is affected by CVE-2025-31970?

CVE-2025-31970 affects HCL DFXAnalytics due to its insecure security header configuration.

What types of attacks could exploit CVE-2025-31970?

CVE-2025-31970 could allow attacks such as cross-site scripting or unauthorized resource access due to weak security policies.

Is CVE-2025-31970 a known vulnerability?

Yes, CVE-2025-31970 is a recognized vulnerability documented in security databases.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.

CVE-2025-31970 - HCL DFXAnalytics is affected by an Insecure Security Header configuration vulnerability - SecAlerts