CVE-2025-31974 describes a configuration weakness in HCL BigFix Service Management where the root file system is not mounted read-only. According to the NVD record and HCL vendor advisory reference, an improperly configured root file system may allow unintended modifications to critical system components, which can increase the risk of unauthorized changes or broader system compromise. The published CVSS [truncated]
CVE-2025-62320 is a medium-severity HTML injection issue affecting multiple HCL Unica products. The vulnerable behavior can allow attacker-controlled HTML to be displayed in a web page when input is not properly sanitized before rendering. Because the browser may process injected markup, the impact can include unexpected browser-originated requests to external resources. The NVD record shows the issue was [truncated]
