{"api_version":"1","generated_at":"2026-05-13T07:41:02+00:00","cve":"CVE-2025-59852","urls":{"html":"https://cve.report/CVE-2025-59852","api":"https://cve.report/api/cve/CVE-2025-59852.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2025-59852","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2025-59852"},"summary":{"title":"HCL  DFXAnalytics  is affected by an Insufficient Transport Layer Protection vulnerability","description":"HCL  DFXAnalytics  is affected by an Insufficient Transport Layer Protection vulnerability where data is transmitted over the network without encryption, which could allow an attacker to compromise the confidentiality, integrity, and authentication of sensitive information.","state":"PUBLISHED","assigner":"HCL","published_at":"2026-05-06 11:16:04","updated_at":"2026-05-07 20:03:28"},"problem_types":["CWE-319","CWE-319 CWE-319: Cleartext Transmission of Sensitive Information"],"metrics":[{"version":"3.1","source":"nvd@nist.gov","type":"Primary","score":"9.1","severity":"CRITICAL","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"}},{"version":"3.1","source":"psirt@hcl.com","type":"Secondary","score":"3.7","severity":"LOW","vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":3.7,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"}},{"version":"3.1","source":"CNA","type":"CVSS","score":"3.7","severity":"LOW","vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N","data":{"attackComplexity":"HIGH","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":3.7,"baseSeverity":"LOW","confidentialityImpact":"LOW","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N","version":"3.1"}}],"references":[{"url":"https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0130569","name":"https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0130569","refsource":"psirt@hcl.com","tags":["Vendor Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2025-59852","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-59852","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"HCL","product":"DFXAnalytics","version":"affected 3.1 and below","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2025","cve_id":"59852","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"hcltech","cpe5":"dfxanalytics","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2025","cve_id":"59852","cve":"CVE-2025-59852","epss":"0.000100000","percentile":"0.011570000","score_date":"2026-05-12","updated_at":"2026-05-13 00:11:54"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"metrics":[{"other":{"content":{"id":"CVE-2025-59852","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","timestamp":"2026-05-06T13:04:58.670538Z","version":"2.0.3"},"type":"ssvc"}}],"providerMetadata":{"dateUpdated":"2026-05-06T13:22:27.255Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"}],"cna":{"affected":[{"defaultStatus":"unaffected","product":"DFXAnalytics","vendor":"HCL","versions":[{"status":"affected","version":"3.1 and below"}]}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"HCL  DFXAnalytics  is affected by an Insufficient Transport Layer Protection vulnerability where data is transmitted over the network without encryption, which could allow an attacker to compromise the confidentiality, integrity, and authentication of sensitive information."}],"value":"HCL  DFXAnalytics  is affected by an Insufficient Transport Layer Protection vulnerability where data is transmitted over the network without encryption, which could allow an attacker to compromise the confidentiality, integrity, and authentication of sensitive information."}],"metrics":[{"cvssV3_1":{"attackComplexity":"HIGH","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":3.7,"baseSeverity":"LOW","confidentialityImpact":"LOW","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-319","description":"CWE-319: Cleartext Transmission of Sensitive Information","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-05-06T10:25:29.564Z","orgId":"1e47fe04-f25f-42fa-b674-36de2c5e3cfc","shortName":"HCL"},"references":[{"url":"https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0130569"}],"source":{"discovery":"UNKNOWN"},"title":"HCL  DFXAnalytics  is affected by an Insufficient Transport Layer Protection vulnerability","x_generator":{"engine":"Vulnogram 1.0.0"}}},"cveMetadata":{"assignerOrgId":"1e47fe04-f25f-42fa-b674-36de2c5e3cfc","assignerShortName":"HCL","cveId":"CVE-2025-59852","datePublished":"2026-05-06T10:25:29.564Z","dateReserved":"2025-09-22T14:59:58.052Z","dateUpdated":"2026-05-06T13:22:27.255Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2026-05-06 11:16:04","lastModifiedDate":"2026-05-07 20:03:28","problem_types":["CWE-319","CWE-319 CWE-319: Cleartext Transmission of Sensitive Information"],"metrics":{"cvssMetricV31":[{"source":"psirt@hcl.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":3.7,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":5.2}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:hcltech:dfxanalytics:*:*:*:*:*:*:*:*","versionEndExcluding":"4.1","matchCriteriaId":"EBC416E1-5496-4734-AE0E-8AA575A69D18"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2025","CveId":"59852","Ordinal":"1","Title":"HCL  DFXAnalytics  is affected by an Insufficient Transport Laye","CVE":"CVE-2025-59852","Year":"2025"},"notes":[{"CveYear":"2025","CveId":"59852","Ordinal":"1","NoteData":"HCL  DFXAnalytics  is affected by an Insufficient Transport Layer Protection vulnerability where data is transmitted over the network without encryption, which could allow an attacker to compromise the confidentiality, integrity, and authentication of sensitive information.","Type":"Description","Title":"HCL  DFXAnalytics  is affected by an Insufficient Transport Laye"}]}}}