Unrated severityNVD Advisory· Published Jan 7, 2026· Updated Jan 7, 2026
HCL BigFix IVR is impacted by an insufficient session expiration vulnerability
CVE-2025-31962
Description
Insufficient session expiration in the Web UI authentication component in HCL BigFix IVR version 4.2 allows an authenticated attacker to gain prolonged unauthorized access to protected API endpoints due to excessive expiration periods.
Affected products
2- Range: = 4.2
- HCLSoftware/BigFix IVRv5Range: 4.2
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.