CVE-2025-31998CRITICAL 9.8EPSS p27.4%

CVE-2025-31998CVE-2025-31998

Description

HCL Unica Centralized Offer Management is vulnerable to poor unhandled exceptions which exposes sensitive information. An attacker can exploit use this information to exploit known vulnerabilities launch targeted attacks, such as remote code execution or denial of service.

Scoring

CVSS 3.19.8 (CRITICAL)
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS0.36% probability of exploitation · percentile 27.4% · 2026-06-19T12:03:05Z
Published2025-10-12
Last modified2025-10-29

Underlying weaknesses· 2

CWE-209CWE-703

References

  1. https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0124422

2

TypeTargetConfidenceTier
WeaknessGeneration of Error Message Containing Sensitive Informationcwe-2090%live
WeaknessImproper Check or Handling of Exceptional Conditionscwe-7030%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2025-31993
CVE
CVE-2025-62338
CVE
CVE-2025-31965
CVE
CVE-2025-21198
CVE
CVE-2025-60595
CVE
CVE-2025-31951
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.