Severity by source
AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
Lifecycle Timeline
1DescriptionCVE.org
HCL DFXAnalytics is affected by an Improper Error Handling vulnerability where the application exposes detailed stack traces in responses, which could allow an attacker to gain insights into the application's internal structure, code logic, and environment configurations.
AnalysisAI
HCL DFXAnalytics exposes detailed stack traces in application responses due to improper error handling, allowing authenticated remote attackers with low privileges to gain insights into the application's internal structure, code logic, and environment configurations. The vulnerability requires high attack complexity and produces limited confidentiality impact, resulting in a CVSS score of 3.1. No active exploitation or public exploit code has been identified at the time of analysis.
Technical ContextAI
The vulnerability stems from CWE-209 (Information Exposure Through an Error Message), a class of weaknesses where applications fail to properly sanitize or suppress error messages before returning them to users. In HCL DFXAnalytics, the affected product fails to implement proper error handling mechanisms that would normally strip or obfuscate sensitive stack trace information from HTTP responses. Stack traces typically reveal internal implementation details including code paths, function names, library versions, and sometimes configuration values or environment variables. This information disclosure vulnerability affects the HCL DFXAnalytics product across versions indicated by the CPE wildcard pattern (cpe:2.3:a:hcl:dfxanalytics:*:*:*:*:*:*:*:*), suggesting the flaw is present across multiple or all released versions.
RemediationAI
Apply the security patch released by HCL as documented in support article KB0130569. The primary remediation is to upgrade to a patched version of HCL DFXAnalytics that implements proper error handling to suppress or obfuscate stack traces in HTTP responses. Consult the HCL support portal at https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0130569 for the specific fixed version and upgrade instructions. As an interim compensating control pending patch deployment, implement a Web Application Firewall (WAF) or reverse proxy configured to filter or mask error responses containing stack traces before they reach end users; this reduces information leakage but does not eliminate the underlying application flaw and should not be considered a permanent solution. Alternatively, restrict network access to DFXAnalytics to trusted internal networks only and enforce strong authentication mechanisms to raise the attack complexity threshold further, though this approach accepts some residual risk and does not address the root cause.
More in Dfxanalytics
View allHCL DFXAnalytics fails to enforce strict Content-Security-Policy (CSP) directives for object-src and base-uri, enabling
HCL DFXAnalytics contains unpatched third-party libraries with known vulnerabilities that could allow remote attackers w
HCL DFXAnalytics transmits sensitive data over the network without encryption, allowing network-positioned attackers to
HCL DFXAnalytics relies on the obsolete X-XSS-Protection security header instead of implementing a modern Content Securi
Same weakness CWE-209 – Error Message Information Leak
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2025-209665
GHSA-w3wc-c543-6jj6