HCL Connections Broken Access Control: Unauthorized Data Updates
CVE-2025-31961 Published on August 15, 2025
HCL Connections is vulnerable to broken access control
HCL Connections contains a broken access control vulnerability that may allow unauthorized user to update data in certain scenarios.
Vulnerability Analysis
CVE-2025-31961 can be exploited with network access, requires user interaction and a small amount of user privileges. This vulnerability is consided to have a high level of attack complexity. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality and integrity, and no impact on availability.
Weakness Type
Insufficient Granularity of Access Control
The product implements access controls via a policy or other feature with the intention to disable or restrict accesses (reads and/or writes) to assets in a system from untrusted agents. However, implemented access controls lack required granularity, which renders the control policy too broad because it allows accesses from unauthorized agents to the security-sensitive assets.
Affected Versions
HCL Software Connections Version 8.0 is affected by CVE-2025-31961Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.