Skip to main content

HCL DFXAnalytics CVE-2025-59852

| EUVDEUVD-2025-209663 LOW
Cleartext Transmission of Sensitive Information (CWE-319)
2026-05-06 HCL GHSA-37m6-8rw8-wh8f
3.7
CVSS 3.1 · NVD

Severity by source

NVD PRIMARY
3.7 LOW
AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None

Lifecycle Timeline

1
Analysis Generated
May 06, 2026 - 11:30 vuln.today

DescriptionCVE.org

HCL DFXAnalytics is affected by an Insufficient Transport Layer Protection vulnerability where data is transmitted over the network without encryption, which could allow an attacker to compromise the confidentiality, integrity, and authentication of sensitive information.

AnalysisAI

HCL DFXAnalytics transmits sensitive data over the network without encryption, allowing network-positioned attackers to intercept and read confidential information. The vulnerability requires high attack complexity (likely man-in-the-middle positioning) but affects all versions of the product when unencrypted channels are in use. No active exploitation has been reported, and the low CVSS score (3.7) reflects limited confidentiality impact with no integrity or availability compromise.

Technical ContextAI

This is a transport layer protection weakness (CWE-319) in HCL DFXAnalytics where the application fails to enforce encrypted communication channels for network-transmitted data. Rather than a cryptographic algorithm flaw, the root cause is architectural-the application either defaults to unencrypted protocols (such as HTTP, telnet, or unencrypted database connections) or fails to mandate TLS/SSL for sensitive data flows. The high attack complexity in the CVSS vector suggests exploitation requires network positioning (e.g., ARP spoofing, BGP hijacking, or compromised network infrastructure) rather than simple passive sniffing, indicating some network segmentation or partial encryption may exist but is incomplete or bypassable.

RemediationAI

Enable encryption for all network communications in HCL DFXAnalytics by enforcing TLS 1.2 or higher for all data transport channels, including client-server connections and backend database communications. Configure the application to reject unencrypted connections and validate certificate chains. Apply any security patches from HCL that address transport layer protection-check HCL support article KB0130569 for available fixes and configuration guidance. As a compensating control, restrict network access to DFXAnalytics instances using firewall rules and network segmentation, permitting connections only from authorized administrative clients and backend systems; this reduces attack surface but does not eliminate the vulnerability if an attacker gains network access. Additionally, implement network-level encryption via VPN or IPsec for all DFXAnalytics traffic if application-level TLS cannot be immediately deployed, though this creates operational complexity and should be treated as a temporary measure pending full TLS enforcement.

CVE-2026-56454 MEDIUM
5.9 Jul 16

TLS protocol downgrade exposure in HCL DFXAnalytics allows network-positioned attackers to intercept and decrypt sensiti

CVE-2026-56453 MEDIUM
5.5 Jul 16

Account takeover through HTTP response manipulation in HCL DFXAnalytics enables a network-positioned attacker to interce

CVE-2025-31970 MEDIUM
5.3 May 06

HCL DFXAnalytics fails to enforce strict Content-Security-Policy (CSP) directives for object-src and base-uri, enabling

CVE-2026-56456 MEDIUM
5.3 Jul 16

HCL DFXAnalytics exposes internal file system paths and directory structure through unhandled error messages, system log

CVE-2026-56455 MEDIUM
5.3 Jul 16

Stack-based buffer overflow in HCL DFXAnalytics allows remote unauthenticated attackers to crash or render the applicati

CVE-2025-59851 LOW
3.7 May 06

HCL DFXAnalytics contains unpatched third-party libraries with known vulnerabilities that could allow remote attackers w

CVE-2025-59854 LOW
3.1 May 06

HCL DFXAnalytics relies on the obsolete X-XSS-Protection security header instead of implementing a modern Content Securi

CVE-2025-59853 LOW
3.1 May 06

HCL DFXAnalytics exposes detailed stack traces in application responses due to improper error handling, allowing authent

CVE-2026-35145 LOW
3.1 Jul 16

Missing HSTS header in HCL DFXAnalytics exposes authenticated sessions to protocol downgrade and man-in-the-middle attac

CVE-2026-35143 LOW
3.0 Jul 16

Cross-Site Request Forgery exposure in HCL DFXAnalytics arises because session cookies generated during authentication a

CVE-2026-35140 LOW
3.0 Jul 16

HCL DFXAnalytics fails to set the 'secure' attribute on session cookies generated during authentication, enabling a netw

CVE-2026-35142 LOW
2.6 Jul 16

Internal IP address exposure in HCL DFXAnalytics allows remote attackers who have obtained high-privilege authenticated

Share

CVE-2025-59852 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy