Skip to main content

HCL DFXAnalytics CVE-2025-59851

| EUVDEUVD-2025-209661 LOW
Dependency on Vulnerable Third-Party Component (CWE-1395)
2026-05-06 HCL GHSA-2rh5-wmhh-6qgc
3.7
CVSS 3.1 · NVD

Severity by source

NVD PRIMARY
3.7 LOW
AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None

Lifecycle Timeline

1
Analysis Generated
May 06, 2026 - 11:30 vuln.today

DescriptionCVE.org

HCL DFXAnalytics is affected by a Using Components with Known Vulnerabilities flaw where the application utilizes unpatched libraries or sub-components, which could allow an attacker to identify and exploit publicly known security vulnerabilities to gain unauthorized access or compromise the application.

AnalysisAI

HCL DFXAnalytics contains unpatched third-party libraries with known vulnerabilities that could allow remote attackers with high effort to gain limited unauthorized access. The application fails to update or isolate vulnerable dependencies, potentially enabling exploitation of publicly disclosed security flaws in embedded components to bypass authentication or extract sensitive information.

Technical ContextAI

The vulnerability stems from CWE-1395 (Using Components with Known Vulnerabilities), a supply-chain and dependency management weakness. DFXAnalytics integrates third-party libraries or sub-components that contain published security flaws but remain unpatched within the application. The specific vulnerable libraries and their CVEs are not disclosed in available sources, but this pattern typically involves outdated versions of common Java, JavaScript, or system libraries used in analytics and monitoring platforms. The root cause is insufficient dependency scanning and patch management during the development and maintenance lifecycle.

RemediationAI

Contact HCL Software support immediately to obtain a patched version of DFXAnalytics that addresses all embedded vulnerable dependencies. Apply the recommended update once released via the support portal (https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0130569). Pending patch availability, implement network-level access controls to restrict DFXAnalytics to authorized internal users only, isolate the application on a segmented network with minimal outbound connectivity to limit exploitation of any leveraged vulnerability, and enable detailed logging and monitoring of authentication and data access events to detect potential abuse. If the specific vulnerable libraries are disclosed by HCL, conduct a manual inventory using tools like SBOM or dependency checkers (e.g., npm audit, Maven dependency check) to confirm local exposure. Note that workarounds cannot fully mitigate supply-chain vulnerabilities; patching is the primary remediation.

CVE-2026-56454 MEDIUM
5.9 Jul 16

TLS protocol downgrade exposure in HCL DFXAnalytics allows network-positioned attackers to intercept and decrypt sensiti

CVE-2026-56453 MEDIUM
5.5 Jul 16

Account takeover through HTTP response manipulation in HCL DFXAnalytics enables a network-positioned attacker to interce

CVE-2025-31970 MEDIUM
5.3 May 06

HCL DFXAnalytics fails to enforce strict Content-Security-Policy (CSP) directives for object-src and base-uri, enabling

CVE-2026-56456 MEDIUM
5.3 Jul 16

HCL DFXAnalytics exposes internal file system paths and directory structure through unhandled error messages, system log

CVE-2026-56455 MEDIUM
5.3 Jul 16

Stack-based buffer overflow in HCL DFXAnalytics allows remote unauthenticated attackers to crash or render the applicati

CVE-2025-59852 LOW
3.7 May 06

HCL DFXAnalytics transmits sensitive data over the network without encryption, allowing network-positioned attackers to

CVE-2025-59854 LOW
3.1 May 06

HCL DFXAnalytics relies on the obsolete X-XSS-Protection security header instead of implementing a modern Content Securi

CVE-2025-59853 LOW
3.1 May 06

HCL DFXAnalytics exposes detailed stack traces in application responses due to improper error handling, allowing authent

CVE-2026-35145 LOW
3.1 Jul 16

Missing HSTS header in HCL DFXAnalytics exposes authenticated sessions to protocol downgrade and man-in-the-middle attac

CVE-2026-35143 LOW
3.0 Jul 16

Cross-Site Request Forgery exposure in HCL DFXAnalytics arises because session cookies generated during authentication a

CVE-2026-35140 LOW
3.0 Jul 16

HCL DFXAnalytics fails to set the 'secure' attribute on session cookies generated during authentication, enabling a netw

CVE-2026-35142 LOW
2.6 Jul 16

Internal IP address exposure in HCL DFXAnalytics allows remote attackers who have obtained high-privilege authenticated

Share

CVE-2025-59851 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy